OLD | NEW |
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sync/internal_api/sync_encryption_handler_impl.h" | 5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 | 8 |
9 #include <memory> | 9 #include <memory> |
10 #include <string> | 10 #include <string> |
11 | 11 |
12 #include "base/base64.h" | 12 #include "base/base64.h" |
13 #include "base/json/json_string_value_serializer.h" | 13 #include "base/json/json_string_value_serializer.h" |
14 #include "base/run_loop.h" | 14 #include "base/run_loop.h" |
15 #include "base/tracked_objects.h" | 15 #include "base/tracked_objects.h" |
16 #include "sync/internal_api/public/base/model_type_test_util.h" | 16 #include "components/sync/base/cryptographer.h" |
17 #include "sync/internal_api/public/read_node.h" | 17 #include "components/sync/base/model_type_test_util.h" |
18 #include "sync/internal_api/public/read_transaction.h" | 18 #include "components/sync/core/read_node.h" |
19 #include "sync/internal_api/public/test/test_user_share.h" | 19 #include "components/sync/core/read_transaction.h" |
20 #include "sync/internal_api/public/write_node.h" | 20 #include "components/sync/core/test/test_user_share.h" |
21 #include "sync/internal_api/public/write_transaction.h" | 21 #include "components/sync/core/write_node.h" |
22 #include "sync/protocol/nigori_specifics.pb.h" | 22 #include "components/sync/core/write_transaction.h" |
23 #include "sync/protocol/sync.pb.h" | 23 #include "components/sync/protocol/nigori_specifics.pb.h" |
24 #include "sync/syncable/entry.h" | 24 #include "components/sync/protocol/sync.pb.h" |
25 #include "sync/syncable/mutable_entry.h" | 25 #include "components/sync/syncable/entry.h" |
26 #include "sync/syncable/syncable_write_transaction.h" | 26 #include "components/sync/syncable/mutable_entry.h" |
27 #include "sync/test/engine/test_id_factory.h" | 27 #include "components/sync/syncable/syncable_write_transaction.h" |
28 #include "sync/test/fake_encryptor.h" | 28 #include "components/sync/test/engine/test_id_factory.h" |
29 #include "sync/util/cryptographer.h" | 29 #include "components/sync/test/fake_encryptor.h" |
30 #include "testing/gmock/include/gmock/gmock.h" | 30 #include "testing/gmock/include/gmock/gmock.h" |
31 #include "testing/gtest/include/gtest/gtest.h" | 31 #include "testing/gtest/include/gtest/gtest.h" |
32 | 32 |
33 namespace syncer { | 33 namespace syncer { |
34 | 34 |
35 namespace { | 35 namespace { |
36 | 36 |
37 using ::testing::_; | 37 using ::testing::_; |
38 using ::testing::AnyNumber; | 38 using ::testing::AnyNumber; |
39 using ::testing::AtLeast; | 39 using ::testing::AtLeast; |
40 using ::testing::Mock; | 40 using ::testing::Mock; |
41 using ::testing::SaveArg; | 41 using ::testing::SaveArg; |
42 using ::testing::StrictMock; | 42 using ::testing::StrictMock; |
43 | 43 |
44 // The raw keystore key the server sends. | 44 // The raw keystore key the server sends. |
45 static const char kRawKeystoreKey[] = "keystore_key"; | 45 static const char kRawKeystoreKey[] = "keystore_key"; |
46 // Base64 encoded version of |kRawKeystoreKey|. | 46 // Base64 encoded version of |kRawKeystoreKey|. |
47 static const char kKeystoreKey[] = "a2V5c3RvcmVfa2V5"; | 47 static const char kKeystoreKey[] = "a2V5c3RvcmVfa2V5"; |
48 | 48 |
49 class SyncEncryptionHandlerObserverMock | 49 class SyncEncryptionHandlerObserverMock |
50 : public SyncEncryptionHandler::Observer { | 50 : public SyncEncryptionHandler::Observer { |
51 public: | 51 public: |
52 MOCK_METHOD2(OnPassphraseRequired, | 52 MOCK_METHOD2(OnPassphraseRequired, |
53 void(PassphraseRequiredReason, | 53 void(PassphraseRequiredReason, |
54 const sync_pb::EncryptedData&)); // NOLINT | 54 const sync_pb::EncryptedData&)); // NOLINT |
55 MOCK_METHOD0(OnPassphraseAccepted, void()); // NOLINT | 55 MOCK_METHOD0(OnPassphraseAccepted, void()); // NOLINT |
56 MOCK_METHOD2(OnBootstrapTokenUpdated, | 56 MOCK_METHOD2(OnBootstrapTokenUpdated, |
57 void(const std::string&, BootstrapTokenType type)); // NOLINT | 57 void(const std::string&, BootstrapTokenType type)); // NOLINT |
58 MOCK_METHOD2(OnEncryptedTypesChanged, | 58 MOCK_METHOD2(OnEncryptedTypesChanged, void(ModelTypeSet, bool)); // NOLINT |
59 void(ModelTypeSet, bool)); // NOLINT | 59 MOCK_METHOD0(OnEncryptionComplete, void()); // NOLINT |
60 MOCK_METHOD0(OnEncryptionComplete, void()); // NOLINT | |
61 MOCK_METHOD1(OnCryptographerStateChanged, void(Cryptographer*)); // NOLINT | 60 MOCK_METHOD1(OnCryptographerStateChanged, void(Cryptographer*)); // NOLINT |
62 MOCK_METHOD2(OnPassphraseTypeChanged, void(PassphraseType, | 61 MOCK_METHOD2(OnPassphraseTypeChanged, |
63 base::Time)); // NOLINT | 62 void(PassphraseType, |
| 63 base::Time)); // NOLINT |
64 MOCK_METHOD1(OnLocalSetPassphraseEncryption, | 64 MOCK_METHOD1(OnLocalSetPassphraseEncryption, |
65 void(const SyncEncryptionHandler::NigoriState&)); // NOLINT | 65 void(const SyncEncryptionHandler::NigoriState&)); // NOLINT |
66 }; | 66 }; |
67 | 67 |
68 google::protobuf::RepeatedPtrField<google::protobuf::string> | 68 google::protobuf::RepeatedPtrField<google::protobuf::string> |
69 BuildEncryptionKeyProto(const std::string& encryption_key) { | 69 BuildEncryptionKeyProto(const std::string& encryption_key) { |
70 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 70 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
71 keys.Add()->assign(encryption_key); | 71 keys.Add()->assign(encryption_key); |
72 return keys; | 72 return keys; |
73 } | 73 } |
(...skipping 28 matching lines...) Expand all Loading... |
102 std::string() /* keystore key for bootstrapping */)); | 102 std::string() /* keystore key for bootstrapping */)); |
103 encryption_handler_->AddObserver(&observer_); | 103 encryption_handler_->AddObserver(&observer_); |
104 } | 104 } |
105 | 105 |
106 void CreateRootForType(ModelType model_type) { | 106 void CreateRootForType(ModelType model_type) { |
107 syncer::syncable::Directory* directory = user_share()->directory.get(); | 107 syncer::syncable::Directory* directory = user_share()->directory.get(); |
108 | 108 |
109 std::string tag_name = ModelTypeToRootTag(model_type); | 109 std::string tag_name = ModelTypeToRootTag(model_type); |
110 | 110 |
111 syncable::WriteTransaction wtrans(FROM_HERE, syncable::UNITTEST, directory); | 111 syncable::WriteTransaction wtrans(FROM_HERE, syncable::UNITTEST, directory); |
112 syncable::MutableEntry node(&wtrans, | 112 syncable::MutableEntry node(&wtrans, syncable::CREATE, model_type, |
113 syncable::CREATE, | 113 wtrans.root_id(), tag_name); |
114 model_type, | |
115 wtrans.root_id(), | |
116 tag_name); | |
117 node.PutUniqueServerTag(tag_name); | 114 node.PutUniqueServerTag(tag_name); |
118 node.PutIsDir(true); | 115 node.PutIsDir(true); |
119 node.PutServerIsDir(false); | 116 node.PutServerIsDir(false); |
120 node.PutIsUnsynced(false); | 117 node.PutIsUnsynced(false); |
121 node.PutIsUnappliedUpdate(false); | 118 node.PutIsUnappliedUpdate(false); |
122 node.PutServerVersion(20); | 119 node.PutServerVersion(20); |
123 node.PutBaseVersion(20); | 120 node.PutBaseVersion(20); |
124 node.PutIsDel(false); | 121 node.PutIsDel(false); |
125 node.PutId(ids_.MakeServer(tag_name)); | 122 node.PutId(ids_.MakeServer(tag_name)); |
126 sync_pb::EntitySpecifics specifics; | 123 sync_pb::EntitySpecifics specifics; |
127 syncer::AddDefaultFieldValue(model_type, &specifics); | 124 syncer::AddDefaultFieldValue(model_type, &specifics); |
128 node.PutSpecifics(specifics); | 125 node.PutSpecifics(specifics); |
129 } | 126 } |
130 | 127 |
131 void PumpLoop() { | 128 void PumpLoop() { base::RunLoop().RunUntilIdle(); } |
132 base::RunLoop().RunUntilIdle(); | |
133 } | |
134 | 129 |
135 // Getters for tests. | 130 // Getters for tests. |
136 UserShare* user_share() { return test_user_share_.user_share(); } | 131 UserShare* user_share() { return test_user_share_.user_share(); } |
137 SyncEncryptionHandlerImpl* encryption_handler() { | 132 SyncEncryptionHandlerImpl* encryption_handler() { |
138 return encryption_handler_.get(); | 133 return encryption_handler_.get(); |
139 } | 134 } |
140 SyncEncryptionHandlerObserverMock* observer() { return &observer_; } | 135 SyncEncryptionHandlerObserverMock* observer() { return &observer_; } |
141 Cryptographer* GetCryptographer() { | 136 Cryptographer* GetCryptographer() { |
142 return encryption_handler_->GetCryptographerUnsafe(); | 137 return encryption_handler_->GetCryptographerUnsafe(); |
143 } | 138 } |
144 | 139 |
145 void VerifyMigratedNigori(PassphraseType passphrase_type, | 140 void VerifyMigratedNigori(PassphraseType passphrase_type, |
146 const std::string& passphrase) { | 141 const std::string& passphrase) { |
147 VerifyMigratedNigoriWithTimestamp(0, passphrase_type, passphrase); | 142 VerifyMigratedNigoriWithTimestamp(0, passphrase_type, passphrase); |
148 } | 143 } |
(...skipping 11 matching lines...) Expand all Loading... |
160 EXPECT_TRUE(nigori.has_keystore_migration_time()); | 155 EXPECT_TRUE(nigori.has_keystore_migration_time()); |
161 EXPECT_TRUE(nigori.keybag_is_frozen()); | 156 EXPECT_TRUE(nigori.keybag_is_frozen()); |
162 if (passphrase_type == CUSTOM_PASSPHRASE || | 157 if (passphrase_type == CUSTOM_PASSPHRASE || |
163 passphrase_type == FROZEN_IMPLICIT_PASSPHRASE) { | 158 passphrase_type == FROZEN_IMPLICIT_PASSPHRASE) { |
164 EXPECT_TRUE(nigori.encrypt_everything()); | 159 EXPECT_TRUE(nigori.encrypt_everything()); |
165 EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty()); | 160 EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty()); |
166 if (passphrase_type == CUSTOM_PASSPHRASE) { | 161 if (passphrase_type == CUSTOM_PASSPHRASE) { |
167 EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE, | 162 EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE, |
168 nigori.passphrase_type()); | 163 nigori.passphrase_type()); |
169 if (!encryption_handler()->custom_passphrase_time().is_null()) { | 164 if (!encryption_handler()->custom_passphrase_time().is_null()) { |
170 EXPECT_EQ(nigori.custom_passphrase_time(), | 165 EXPECT_EQ( |
171 TimeToProtoTime( | 166 nigori.custom_passphrase_time(), |
172 encryption_handler()->custom_passphrase_time())); | 167 TimeToProtoTime(encryption_handler()->custom_passphrase_time())); |
173 } | 168 } |
174 } else { | 169 } else { |
175 EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE, | 170 EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE, |
176 nigori.passphrase_type()); | 171 nigori.passphrase_type()); |
177 } | 172 } |
178 } else { | 173 } else { |
179 EXPECT_FALSE(nigori.encrypt_everything()); | 174 EXPECT_FALSE(nigori.encrypt_everything()); |
180 EXPECT_FALSE(nigori.keystore_decryptor_token().blob().empty()); | 175 EXPECT_FALSE(nigori.keystore_decryptor_token().blob().empty()); |
181 EXPECT_EQ(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE, | 176 EXPECT_EQ(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE, |
182 nigori.passphrase_type()); | 177 nigori.passphrase_type()); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
214 EXPECT_TRUE(other_cryptographer.is_ready()); | 209 EXPECT_TRUE(other_cryptographer.is_ready()); |
215 | 210 |
216 sync_pb::NigoriSpecifics nigori; | 211 sync_pb::NigoriSpecifics nigori; |
217 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 212 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
218 nigori.set_keybag_is_frozen(true); | 213 nigori.set_keybag_is_frozen(true); |
219 nigori.set_keystore_migration_time(migration_time); | 214 nigori.set_keystore_migration_time(migration_time); |
220 | 215 |
221 if (passphrase_type == KEYSTORE_PASSPHRASE) { | 216 if (passphrase_type == KEYSTORE_PASSPHRASE) { |
222 sync_pb::EncryptedData keystore_decryptor_token; | 217 sync_pb::EncryptedData keystore_decryptor_token; |
223 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 218 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
224 other_cryptographer, | 219 other_cryptographer, keystore_key, &keystore_decryptor_token)); |
225 keystore_key, | |
226 &keystore_decryptor_token)); | |
227 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 220 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
228 keystore_decryptor_token); | 221 keystore_decryptor_token); |
229 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 222 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
230 } else { | 223 } else { |
231 nigori.set_encrypt_everything(true); | 224 nigori.set_encrypt_everything(true); |
232 nigori.set_passphrase_type( | 225 nigori.set_passphrase_type( |
233 passphrase_type == CUSTOM_PASSPHRASE ? | 226 passphrase_type == CUSTOM_PASSPHRASE |
234 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE : | 227 ? sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE |
235 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); | 228 : sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); |
236 } | 229 } |
237 return nigori; | 230 return nigori; |
238 } | 231 } |
239 | 232 |
240 // Build a migrated nigori node with the specified default passphrase | 233 // Build a migrated nigori node with the specified default passphrase |
241 // and keystore key and initialize the encryption handler with it. | 234 // and keystore key and initialize the encryption handler with it. |
242 void InitKeystoreMigratedNigori(int64_t migration_time, | 235 void InitKeystoreMigratedNigori(int64_t migration_time, |
243 const std::string& default_passphrase, | 236 const std::string& default_passphrase, |
244 const std::string& keystore_key) { | 237 const std::string& keystore_key) { |
245 { | 238 { |
246 WriteTransaction trans(FROM_HERE, user_share()); | 239 WriteTransaction trans(FROM_HERE, user_share()); |
247 WriteNode nigori_node(&trans); | 240 WriteNode nigori_node(&trans); |
248 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 241 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
249 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( | 242 sync_pb::NigoriSpecifics nigori = |
250 KEYSTORE_PASSPHRASE, | 243 BuildMigratedNigori(KEYSTORE_PASSPHRASE, migration_time, |
251 migration_time, | 244 default_passphrase, keystore_key); |
252 default_passphrase, | |
253 keystore_key); | |
254 nigori_node.SetNigoriSpecifics(nigori); | 245 nigori_node.SetNigoriSpecifics(nigori); |
255 } | 246 } |
256 | 247 |
257 EXPECT_CALL(*observer(), | 248 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
258 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | |
259 EXPECT_CALL(*observer(), | 249 EXPECT_CALL(*observer(), |
260 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 250 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
261 EXPECT_CALL(*observer(), | 251 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); |
262 OnCryptographerStateChanged(_)).Times(AtLeast(1)); | 252 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
263 EXPECT_CALL(*observer(), | 253 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); |
264 OnEncryptedTypesChanged(_, false)); | |
265 EXPECT_CALL(*observer(), | |
266 OnEncryptionComplete()).Times(AtLeast(1)); | |
267 encryption_handler()->Init(); | 254 encryption_handler()->Init(); |
268 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 255 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
269 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 256 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
270 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 257 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
271 Mock::VerifyAndClearExpectations(observer()); | 258 Mock::VerifyAndClearExpectations(observer()); |
272 } | 259 } |
273 | 260 |
274 // Build a migrated nigori node with the specified default passphrase | 261 // Build a migrated nigori node with the specified default passphrase |
275 // as a custom passphrase. | 262 // as a custom passphrase. |
276 void InitCustomPassMigratedNigori(int64_t migration_time, | 263 void InitCustomPassMigratedNigori(int64_t migration_time, |
277 const std::string& default_passphrase) { | 264 const std::string& default_passphrase) { |
278 { | 265 { |
279 WriteTransaction trans(FROM_HERE, user_share()); | 266 WriteTransaction trans(FROM_HERE, user_share()); |
280 WriteNode nigori_node(&trans); | 267 WriteNode nigori_node(&trans); |
281 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 268 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
282 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( | 269 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( |
283 CUSTOM_PASSPHRASE, | 270 CUSTOM_PASSPHRASE, migration_time, default_passphrase, kKeystoreKey); |
284 migration_time, | |
285 default_passphrase, | |
286 kKeystoreKey); | |
287 nigori_node.SetNigoriSpecifics(nigori); | 271 nigori_node.SetNigoriSpecifics(nigori); |
288 } | 272 } |
289 | 273 |
290 EXPECT_CALL(*observer(), | 274 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
291 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 275 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); |
292 EXPECT_CALL(*observer(), | 276 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)) |
293 OnCryptographerStateChanged(_)).Times(AtLeast(1)); | 277 .Times(AtLeast(1)); |
294 EXPECT_CALL(*observer(), | 278 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); |
295 OnEncryptedTypesChanged(_, true)).Times(AtLeast(1)); | |
296 EXPECT_CALL(*observer(), | |
297 OnEncryptionComplete()).Times(AtLeast(1)); | |
298 encryption_handler()->Init(); | 279 encryption_handler()->Init(); |
299 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 280 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
300 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 281 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); |
301 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 282 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
302 Mock::VerifyAndClearExpectations(observer()); | 283 Mock::VerifyAndClearExpectations(observer()); |
303 } | 284 } |
304 | 285 |
305 // Build an unmigrated nigori node with the specified passphrase and type and | 286 // Build an unmigrated nigori node with the specified passphrase and type and |
306 // initialize the encryption handler with it. | 287 // initialize the encryption handler with it. |
307 void InitUnmigratedNigori(const std::string& default_passphrase, | 288 void InitUnmigratedNigori(const std::string& default_passphrase, |
308 PassphraseType passphrase_type) { | 289 PassphraseType passphrase_type) { |
309 DCHECK_NE(passphrase_type, FROZEN_IMPLICIT_PASSPHRASE); | 290 DCHECK_NE(passphrase_type, FROZEN_IMPLICIT_PASSPHRASE); |
310 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 291 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
311 KeyParams default_key = {"localhost", "dummy", default_passphrase}; | 292 KeyParams default_key = {"localhost", "dummy", default_passphrase}; |
312 other_cryptographer.AddKey(default_key); | 293 other_cryptographer.AddKey(default_key); |
313 EXPECT_TRUE(other_cryptographer.is_ready()); | 294 EXPECT_TRUE(other_cryptographer.is_ready()); |
314 | 295 |
315 { | 296 { |
316 WriteTransaction trans(FROM_HERE, user_share()); | 297 WriteTransaction trans(FROM_HERE, user_share()); |
317 WriteNode nigori_node(&trans); | 298 WriteNode nigori_node(&trans); |
318 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 299 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
319 sync_pb::NigoriSpecifics nigori; | 300 sync_pb::NigoriSpecifics nigori; |
320 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 301 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
321 nigori.set_keybag_is_frozen(passphrase_type == CUSTOM_PASSPHRASE); | 302 nigori.set_keybag_is_frozen(passphrase_type == CUSTOM_PASSPHRASE); |
322 nigori_node.SetNigoriSpecifics(nigori); | 303 nigori_node.SetNigoriSpecifics(nigori); |
323 } | 304 } |
324 | 305 |
325 if (passphrase_type != IMPLICIT_PASSPHRASE) { | 306 if (passphrase_type != IMPLICIT_PASSPHRASE) { |
326 EXPECT_CALL(*observer(), | 307 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(passphrase_type, _)); |
327 OnPassphraseTypeChanged(passphrase_type, _)); | |
328 } | 308 } |
329 EXPECT_CALL(*observer(), | 309 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); |
330 OnCryptographerStateChanged(_)).Times(AtLeast(1)); | 310 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
331 EXPECT_CALL(*observer(), | |
332 OnEncryptedTypesChanged(_, false)); | |
333 encryption_handler()->Init(); | 311 encryption_handler()->Init(); |
334 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 312 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
335 EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type); | 313 EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type); |
336 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 314 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
337 Mock::VerifyAndClearExpectations(observer()); | 315 Mock::VerifyAndClearExpectations(observer()); |
338 } | 316 } |
339 | 317 |
340 // Verify we can restore the SyncEncryptionHandler state using a saved | 318 // Verify we can restore the SyncEncryptionHandler state using a saved |
341 // |bootstrap_token| and |nigori_state|. | 319 // |bootstrap_token| and |nigori_state|. |
342 // | 320 // |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
380 | 358 |
381 StrictMock<SyncEncryptionHandlerObserverMock> observer2; | 359 StrictMock<SyncEncryptionHandlerObserverMock> observer2; |
382 SyncEncryptionHandlerImpl handler2(user_share(), &encryptor_, std::string(), | 360 SyncEncryptionHandlerImpl handler2(user_share(), &encryptor_, std::string(), |
383 std::string() /* bootstrap tokens */); | 361 std::string() /* bootstrap tokens */); |
384 handler2.AddObserver(&observer2); | 362 handler2.AddObserver(&observer2); |
385 | 363 |
386 // Just set the sensitive types (shouldn't trigger any notifications). | 364 // Just set the sensitive types (shouldn't trigger any notifications). |
387 ModelTypeSet encrypted_types(SyncEncryptionHandler::SensitiveTypes()); | 365 ModelTypeSet encrypted_types(SyncEncryptionHandler::SensitiveTypes()); |
388 { | 366 { |
389 WriteTransaction trans(FROM_HERE, user_share()); | 367 WriteTransaction trans(FROM_HERE, user_share()); |
390 encryption_handler()->MergeEncryptedTypes( | 368 encryption_handler()->MergeEncryptedTypes(encrypted_types, |
391 encrypted_types, | 369 trans.GetWrappedTrans()); |
392 trans.GetWrappedTrans()); | |
393 encryption_handler()->UpdateNigoriFromEncryptedTypes( | 370 encryption_handler()->UpdateNigoriFromEncryptedTypes( |
394 &nigori, | 371 &nigori, trans.GetWrappedTrans()); |
395 trans.GetWrappedTrans()); | |
396 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); | 372 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); |
397 } | 373 } |
398 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); | 374 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); |
399 EXPECT_EQ(encrypted_types, handler2.GetEncryptedTypesUnsafe()); | 375 EXPECT_EQ(encrypted_types, handler2.GetEncryptedTypesUnsafe()); |
400 | 376 |
401 Mock::VerifyAndClearExpectations(observer()); | 377 Mock::VerifyAndClearExpectations(observer()); |
402 Mock::VerifyAndClearExpectations(&observer2); | 378 Mock::VerifyAndClearExpectations(&observer2); |
403 | 379 |
404 ModelTypeSet encrypted_user_types = EncryptableUserTypes(); | 380 ModelTypeSet encrypted_user_types = EncryptableUserTypes(); |
405 | 381 |
406 EXPECT_CALL(*observer(), | 382 EXPECT_CALL(*observer(), OnEncryptedTypesChanged( |
407 OnEncryptedTypesChanged( | 383 HasModelTypes(encrypted_user_types), false)); |
408 HasModelTypes(encrypted_user_types), false)); | 384 EXPECT_CALL(observer2, OnEncryptedTypesChanged( |
409 EXPECT_CALL(observer2, | 385 HasModelTypes(encrypted_user_types), false)); |
410 OnEncryptedTypesChanged( | |
411 HasModelTypes(encrypted_user_types), false)); | |
412 | 386 |
413 // Set all encrypted types | 387 // Set all encrypted types |
414 encrypted_types = EncryptableUserTypes(); | 388 encrypted_types = EncryptableUserTypes(); |
415 { | 389 { |
416 WriteTransaction trans(FROM_HERE, user_share()); | 390 WriteTransaction trans(FROM_HERE, user_share()); |
417 encryption_handler()->MergeEncryptedTypes( | 391 encryption_handler()->MergeEncryptedTypes(encrypted_types, |
418 encrypted_types, | 392 trans.GetWrappedTrans()); |
419 trans.GetWrappedTrans()); | |
420 encryption_handler()->UpdateNigoriFromEncryptedTypes( | 393 encryption_handler()->UpdateNigoriFromEncryptedTypes( |
421 &nigori, | 394 &nigori, trans.GetWrappedTrans()); |
422 trans.GetWrappedTrans()); | |
423 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); | 395 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); |
424 } | 396 } |
425 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); | 397 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); |
426 EXPECT_EQ(encrypted_types, handler2.GetEncryptedTypesUnsafe()); | 398 EXPECT_EQ(encrypted_types, handler2.GetEncryptedTypesUnsafe()); |
427 | 399 |
428 // Receiving an empty nigori should not reset any encrypted types or trigger | 400 // Receiving an empty nigori should not reset any encrypted types or trigger |
429 // an observer notification. | 401 // an observer notification. |
430 Mock::VerifyAndClearExpectations(observer()); | 402 Mock::VerifyAndClearExpectations(observer()); |
431 Mock::VerifyAndClearExpectations(&observer2); | 403 Mock::VerifyAndClearExpectations(&observer2); |
432 nigori = sync_pb::NigoriSpecifics(); | 404 nigori = sync_pb::NigoriSpecifics(); |
433 { | 405 { |
434 WriteTransaction trans(FROM_HERE, user_share()); | 406 WriteTransaction trans(FROM_HERE, user_share()); |
435 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); | 407 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); |
436 } | 408 } |
437 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); | 409 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); |
438 } | 410 } |
439 | 411 |
440 // Verify the encryption handler processes the encrypt everything field | 412 // Verify the encryption handler processes the encrypt everything field |
441 // properly. | 413 // properly. |
442 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingExplicit) { | 414 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingExplicit) { |
443 sync_pb::NigoriSpecifics nigori; | 415 sync_pb::NigoriSpecifics nigori; |
444 nigori.set_encrypt_everything(true); | 416 nigori.set_encrypt_everything(true); |
445 | 417 |
446 EXPECT_CALL(*observer(), | 418 EXPECT_CALL(*observer(), OnEncryptedTypesChanged( |
447 OnEncryptedTypesChanged( | 419 HasModelTypes(EncryptableUserTypes()), true)); |
448 HasModelTypes(EncryptableUserTypes()), true)); | |
449 | 420 |
450 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 421 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
451 ModelTypeSet encrypted_types = | 422 ModelTypeSet encrypted_types = |
452 encryption_handler()->GetEncryptedTypesUnsafe(); | 423 encryption_handler()->GetEncryptedTypesUnsafe(); |
453 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); | 424 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); |
454 | 425 |
455 { | 426 { |
456 WriteTransaction trans(FROM_HERE, user_share()); | 427 WriteTransaction trans(FROM_HERE, user_share()); |
457 encryption_handler()->UpdateEncryptedTypesFromNigori( | 428 encryption_handler()->UpdateEncryptedTypesFromNigori( |
458 nigori, | 429 nigori, trans.GetWrappedTrans()); |
459 trans.GetWrappedTrans()); | |
460 } | 430 } |
461 | 431 |
462 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 432 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
463 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); | 433 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); |
464 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes())); | 434 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes())); |
465 | 435 |
466 // Receiving the nigori node again shouldn't trigger another notification. | 436 // Receiving the nigori node again shouldn't trigger another notification. |
467 Mock::VerifyAndClearExpectations(observer()); | 437 Mock::VerifyAndClearExpectations(observer()); |
468 { | 438 { |
469 WriteTransaction trans(FROM_HERE, user_share()); | 439 WriteTransaction trans(FROM_HERE, user_share()); |
470 encryption_handler()->UpdateEncryptedTypesFromNigori( | 440 encryption_handler()->UpdateEncryptedTypesFromNigori( |
471 nigori, | 441 nigori, trans.GetWrappedTrans()); |
472 trans.GetWrappedTrans()); | |
473 } | 442 } |
474 } | 443 } |
475 | 444 |
476 // Verify the encryption handler can detect an implicit encrypt everything state | 445 // Verify the encryption handler can detect an implicit encrypt everything state |
477 // (from clients that failed to write the encrypt everything field). | 446 // (from clients that failed to write the encrypt everything field). |
478 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingImplicit) { | 447 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingImplicit) { |
479 sync_pb::NigoriSpecifics nigori; | 448 sync_pb::NigoriSpecifics nigori; |
480 nigori.set_encrypt_bookmarks(true); // Non-passwords = encrypt everything | 449 nigori.set_encrypt_bookmarks(true); // Non-passwords = encrypt everything |
481 | 450 |
482 EXPECT_CALL(*observer(), | 451 EXPECT_CALL(*observer(), OnEncryptedTypesChanged( |
483 OnEncryptedTypesChanged( | 452 HasModelTypes(EncryptableUserTypes()), true)); |
484 HasModelTypes(EncryptableUserTypes()), true)); | |
485 | 453 |
486 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 454 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
487 ModelTypeSet encrypted_types = | 455 ModelTypeSet encrypted_types = |
488 encryption_handler()->GetEncryptedTypesUnsafe(); | 456 encryption_handler()->GetEncryptedTypesUnsafe(); |
489 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); | 457 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); |
490 | 458 |
491 { | 459 { |
492 WriteTransaction trans(FROM_HERE, user_share()); | 460 WriteTransaction trans(FROM_HERE, user_share()); |
493 encryption_handler()->UpdateEncryptedTypesFromNigori( | 461 encryption_handler()->UpdateEncryptedTypesFromNigori( |
494 nigori, | 462 nigori, trans.GetWrappedTrans()); |
495 trans.GetWrappedTrans()); | |
496 } | 463 } |
497 | 464 |
498 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 465 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
499 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); | 466 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); |
500 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes())); | 467 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes())); |
501 | 468 |
502 // Receiving a nigori node with encrypt everything explicitly set shouldn't | 469 // Receiving a nigori node with encrypt everything explicitly set shouldn't |
503 // trigger another notification. | 470 // trigger another notification. |
504 Mock::VerifyAndClearExpectations(observer()); | 471 Mock::VerifyAndClearExpectations(observer()); |
505 nigori.set_encrypt_everything(true); | 472 nigori.set_encrypt_everything(true); |
506 { | 473 { |
507 WriteTransaction trans(FROM_HERE, user_share()); | 474 WriteTransaction trans(FROM_HERE, user_share()); |
508 encryption_handler()->UpdateEncryptedTypesFromNigori( | 475 encryption_handler()->UpdateEncryptedTypesFromNigori( |
509 nigori, | 476 nigori, trans.GetWrappedTrans()); |
510 trans.GetWrappedTrans()); | |
511 } | 477 } |
512 } | 478 } |
513 | 479 |
514 // Verify the encryption handler can deal with new versions treating new types | 480 // Verify the encryption handler can deal with new versions treating new types |
515 // as Sensitive, and that it does not consider this an implicit encrypt | 481 // as Sensitive, and that it does not consider this an implicit encrypt |
516 // everything case. | 482 // everything case. |
517 TEST_F(SyncEncryptionHandlerImplTest, UnknownSensitiveTypes) { | 483 TEST_F(SyncEncryptionHandlerImplTest, UnknownSensitiveTypes) { |
518 sync_pb::NigoriSpecifics nigori; | 484 sync_pb::NigoriSpecifics nigori; |
519 nigori.set_encrypt_everything(false); | 485 nigori.set_encrypt_everything(false); |
520 nigori.set_encrypt_bookmarks(true); | 486 nigori.set_encrypt_bookmarks(true); |
521 | 487 |
522 ModelTypeSet expected_encrypted_types = | 488 ModelTypeSet expected_encrypted_types = |
523 SyncEncryptionHandler::SensitiveTypes(); | 489 SyncEncryptionHandler::SensitiveTypes(); |
524 expected_encrypted_types.Put(BOOKMARKS); | 490 expected_encrypted_types.Put(BOOKMARKS); |
525 | 491 |
526 EXPECT_CALL(*observer(), | 492 EXPECT_CALL(*observer(), OnEncryptedTypesChanged( |
527 OnEncryptedTypesChanged( | 493 HasModelTypes(expected_encrypted_types), false)); |
528 HasModelTypes(expected_encrypted_types), false)); | |
529 | 494 |
530 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 495 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
531 ModelTypeSet encrypted_types = | 496 ModelTypeSet encrypted_types = |
532 encryption_handler()->GetEncryptedTypesUnsafe(); | 497 encryption_handler()->GetEncryptedTypesUnsafe(); |
533 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); | 498 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); |
534 | 499 |
535 { | 500 { |
536 WriteTransaction trans(FROM_HERE, user_share()); | 501 WriteTransaction trans(FROM_HERE, user_share()); |
537 encryption_handler()->UpdateEncryptedTypesFromNigori( | 502 encryption_handler()->UpdateEncryptedTypesFromNigori( |
538 nigori, | 503 nigori, trans.GetWrappedTrans()); |
539 trans.GetWrappedTrans()); | |
540 } | 504 } |
541 | 505 |
542 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 506 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
543 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); | 507 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); |
544 EXPECT_EQ(ModelTypeSet(BOOKMARKS, PASSWORDS, WIFI_CREDENTIALS), | 508 EXPECT_EQ(ModelTypeSet(BOOKMARKS, PASSWORDS, WIFI_CREDENTIALS), |
545 encrypted_types); | 509 encrypted_types); |
546 } | 510 } |
547 | 511 |
548 // Receive an old nigori with old encryption keys and encrypted types. We should | 512 // Receive an old nigori with old encryption keys and encrypted types. We should |
549 // not revert our default key or encrypted types, and should post a task to | 513 // not revert our default key or encrypted types, and should post a task to |
550 // overwrite the existing nigori with the correct data. | 514 // overwrite the existing nigori with the correct data. |
551 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldNigori) { | 515 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldNigori) { |
552 KeyParams old_key = {"localhost", "dummy", "old"}; | 516 KeyParams old_key = {"localhost", "dummy", "old"}; |
553 KeyParams current_key = {"localhost", "dummy", "cur"}; | 517 KeyParams current_key = {"localhost", "dummy", "cur"}; |
554 | 518 |
555 // Data for testing encryption/decryption. | 519 // Data for testing encryption/decryption. |
556 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 520 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
557 other_cryptographer.AddKey(old_key); | 521 other_cryptographer.AddKey(old_key); |
558 sync_pb::EntitySpecifics other_encrypted_specifics; | 522 sync_pb::EntitySpecifics other_encrypted_specifics; |
559 other_encrypted_specifics.mutable_bookmark()->set_title("title"); | 523 other_encrypted_specifics.mutable_bookmark()->set_title("title"); |
560 other_cryptographer.Encrypt( | 524 other_cryptographer.Encrypt(other_encrypted_specifics, |
561 other_encrypted_specifics, | 525 other_encrypted_specifics.mutable_encrypted()); |
562 other_encrypted_specifics.mutable_encrypted()); | |
563 sync_pb::EntitySpecifics our_encrypted_specifics; | 526 sync_pb::EntitySpecifics our_encrypted_specifics; |
564 our_encrypted_specifics.mutable_bookmark()->set_title("title2"); | 527 our_encrypted_specifics.mutable_bookmark()->set_title("title2"); |
565 ModelTypeSet encrypted_types = EncryptableUserTypes(); | 528 ModelTypeSet encrypted_types = EncryptableUserTypes(); |
566 | 529 |
567 // Set up the current encryption state (containing both keys and encrypt | 530 // Set up the current encryption state (containing both keys and encrypt |
568 // everything). | 531 // everything). |
569 sync_pb::NigoriSpecifics current_nigori_specifics; | 532 sync_pb::NigoriSpecifics current_nigori_specifics; |
570 GetCryptographer()->AddKey(old_key); | 533 GetCryptographer()->AddKey(old_key); |
571 GetCryptographer()->AddKey(current_key); | 534 GetCryptographer()->AddKey(current_key); |
572 GetCryptographer()->Encrypt( | 535 GetCryptographer()->Encrypt(our_encrypted_specifics, |
573 our_encrypted_specifics, | 536 our_encrypted_specifics.mutable_encrypted()); |
574 our_encrypted_specifics.mutable_encrypted()); | |
575 GetCryptographer()->GetKeys( | 537 GetCryptographer()->GetKeys( |
576 current_nigori_specifics.mutable_encryption_keybag()); | 538 current_nigori_specifics.mutable_encryption_keybag()); |
577 current_nigori_specifics.set_encrypt_everything(true); | 539 current_nigori_specifics.set_encrypt_everything(true); |
578 | 540 |
579 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 541 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
580 EXPECT_CALL(*observer(), OnEncryptedTypesChanged( | 542 EXPECT_CALL(*observer(), OnEncryptedTypesChanged( |
581 HasModelTypes(EncryptableUserTypes()), true)); | 543 HasModelTypes(EncryptableUserTypes()), true)); |
582 { | 544 { |
583 // Update the encryption handler. | 545 // Update the encryption handler. |
584 WriteTransaction trans(FROM_HERE, user_share()); | 546 WriteTransaction trans(FROM_HERE, user_share()); |
585 encryption_handler()->ApplyNigoriUpdate( | 547 encryption_handler()->ApplyNigoriUpdate(current_nigori_specifics, |
586 current_nigori_specifics, | 548 trans.GetWrappedTrans()); |
587 trans.GetWrappedTrans()); | |
588 } | 549 } |
589 Mock::VerifyAndClearExpectations(observer()); | 550 Mock::VerifyAndClearExpectations(observer()); |
590 | 551 |
591 // Now set up the old nigori specifics and apply it on top. | 552 // Now set up the old nigori specifics and apply it on top. |
592 // Has an old set of keys, and no encrypted types. | 553 // Has an old set of keys, and no encrypted types. |
593 sync_pb::NigoriSpecifics old_nigori; | 554 sync_pb::NigoriSpecifics old_nigori; |
594 other_cryptographer.GetKeys(old_nigori.mutable_encryption_keybag()); | 555 other_cryptographer.GetKeys(old_nigori.mutable_encryption_keybag()); |
595 | 556 |
596 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 557 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
597 { | 558 { |
598 // Update the encryption handler. | 559 // Update the encryption handler. |
599 WriteTransaction trans(FROM_HERE, user_share()); | 560 WriteTransaction trans(FROM_HERE, user_share()); |
600 encryption_handler()->ApplyNigoriUpdate( | 561 encryption_handler()->ApplyNigoriUpdate(old_nigori, |
601 old_nigori, | 562 trans.GetWrappedTrans()); |
602 trans.GetWrappedTrans()); | |
603 } | 563 } |
604 EXPECT_TRUE(GetCryptographer()->is_ready()); | 564 EXPECT_TRUE(GetCryptographer()->is_ready()); |
605 EXPECT_FALSE(GetCryptographer()->has_pending_keys()); | 565 EXPECT_FALSE(GetCryptographer()->has_pending_keys()); |
606 | 566 |
607 // Encryption handler should have posted a task to overwrite the old | 567 // Encryption handler should have posted a task to overwrite the old |
608 // specifics. | 568 // specifics. |
609 PumpLoop(); | 569 PumpLoop(); |
610 | 570 |
611 { | 571 { |
612 // The cryptographer should be able to decrypt both sets of keys and still | 572 // The cryptographer should be able to decrypt both sets of keys and still |
613 // be encrypting with the newest, and the encrypted types should be the | 573 // be encrypting with the newest, and the encrypted types should be the |
614 // most recent. | 574 // most recent. |
615 // In addition, the nigori node should match the current encryption state. | 575 // In addition, the nigori node should match the current encryption state. |
616 ReadTransaction trans(FROM_HERE, user_share()); | 576 ReadTransaction trans(FROM_HERE, user_share()); |
617 ReadNode nigori_node(&trans); | 577 ReadNode nigori_node(&trans); |
618 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 578 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
619 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics(); | 579 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics(); |
620 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey( | 580 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey( |
621 our_encrypted_specifics.encrypted())); | 581 our_encrypted_specifics.encrypted())); |
622 EXPECT_TRUE(GetCryptographer()->CanDecrypt( | 582 EXPECT_TRUE( |
623 other_encrypted_specifics.encrypted())); | 583 GetCryptographer()->CanDecrypt(other_encrypted_specifics.encrypted())); |
624 EXPECT_TRUE(GetCryptographer()->CanDecrypt(nigori.encryption_keybag())); | 584 EXPECT_TRUE(GetCryptographer()->CanDecrypt(nigori.encryption_keybag())); |
625 EXPECT_TRUE(nigori.encrypt_everything()); | 585 EXPECT_TRUE(nigori.encrypt_everything()); |
626 EXPECT_TRUE( | 586 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey( |
627 GetCryptographer()->CanDecryptUsingDefaultKey( | 587 nigori.encryption_keybag())); |
628 nigori.encryption_keybag())); | |
629 } | 588 } |
630 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 589 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
631 } | 590 } |
632 | 591 |
633 // Ensure setting the keystore key works, updates the bootstrap token, and | 592 // Ensure setting the keystore key works, updates the bootstrap token, and |
634 // triggers a non-backwards compatible migration. Then verify that the | 593 // triggers a non-backwards compatible migration. Then verify that the |
635 // bootstrap token can be correctly parsed by the encryption handler at startup | 594 // bootstrap token can be correctly parsed by the encryption handler at startup |
636 // time. | 595 // time. |
637 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreMigratesAndUpdatesBootstrap) { | 596 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreMigratesAndUpdatesBootstrap) { |
638 // Passing no keys should do nothing. | 597 // Passing no keys should do nothing. |
(...skipping 17 matching lines...) Expand all Loading... |
656 keys.Add()->assign(kRawKeystoreKey); | 615 keys.Add()->assign(kRawKeystoreKey); |
657 | 616 |
658 // Pass them to the encryption handler, triggering a migration and bootstrap | 617 // Pass them to the encryption handler, triggering a migration and bootstrap |
659 // token update. | 618 // token update. |
660 std::string encoded_key; | 619 std::string encoded_key; |
661 std::string keystore_bootstrap; | 620 std::string keystore_bootstrap; |
662 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 621 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
663 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)); | 622 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)); |
664 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 623 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
665 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 624 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
666 EXPECT_CALL(*observer(), | 625 EXPECT_CALL(*observer(), OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)) |
667 OnBootstrapTokenUpdated(_, | 626 .WillOnce(SaveArg<0>(&keystore_bootstrap)); |
668 KEYSTORE_BOOTSTRAP_TOKEN)). | |
669 WillOnce(SaveArg<0>(&keystore_bootstrap)); | |
670 { | 627 { |
671 WriteTransaction trans(FROM_HERE, user_share()); | 628 WriteTransaction trans(FROM_HERE, user_share()); |
672 EXPECT_TRUE( | 629 EXPECT_TRUE( |
673 encryption_handler()->SetKeystoreKeys( | 630 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans())); |
674 keys, | |
675 trans.GetWrappedTrans())); | |
676 EXPECT_FALSE( | 631 EXPECT_FALSE( |
677 encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans())); | 632 encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans())); |
678 EXPECT_FALSE(GetCryptographer()->is_initialized()); | 633 EXPECT_FALSE(GetCryptographer()->is_initialized()); |
679 } | 634 } |
680 PumpLoop(); | 635 PumpLoop(); |
681 EXPECT_TRUE(GetCryptographer()->is_initialized()); | 636 EXPECT_TRUE(GetCryptographer()->is_initialized()); |
682 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 637 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); |
683 | 638 |
684 // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob | 639 // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob |
685 // of list values containing the keystore keys). | 640 // of list values containing the keystore keys). |
686 std::string decoded_bootstrap; | 641 std::string decoded_bootstrap; |
687 ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap)); | 642 ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap)); |
688 std::string decrypted_bootstrap; | 643 std::string decrypted_bootstrap; |
689 ASSERT_TRUE( | 644 ASSERT_TRUE(GetCryptographer()->encryptor()->DecryptString( |
690 GetCryptographer()->encryptor()->DecryptString(decoded_bootstrap, | 645 decoded_bootstrap, &decrypted_bootstrap)); |
691 &decrypted_bootstrap)); | |
692 JSONStringValueDeserializer json(decrypted_bootstrap); | 646 JSONStringValueDeserializer json(decrypted_bootstrap); |
693 std::unique_ptr<base::Value> deserialized_keystore_keys( | 647 std::unique_ptr<base::Value> deserialized_keystore_keys( |
694 json.Deserialize(NULL, NULL)); | 648 json.Deserialize(NULL, NULL)); |
695 ASSERT_TRUE(deserialized_keystore_keys.get()); | 649 ASSERT_TRUE(deserialized_keystore_keys.get()); |
696 base::ListValue* keystore_list = NULL; | 650 base::ListValue* keystore_list = NULL; |
697 deserialized_keystore_keys->GetAsList(&keystore_list); | 651 deserialized_keystore_keys->GetAsList(&keystore_list); |
698 ASSERT_TRUE(keystore_list); | 652 ASSERT_TRUE(keystore_list); |
699 ASSERT_EQ(2U, keystore_list->GetSize()); | 653 ASSERT_EQ(2U, keystore_list->GetSize()); |
700 std::string test_string; | 654 std::string test_string; |
701 keystore_list->GetString(0, &test_string); | 655 keystore_list->GetString(0, &test_string); |
702 ASSERT_EQ(old_keystore_key, test_string); | 656 ASSERT_EQ(old_keystore_key, test_string); |
703 keystore_list->GetString(1, &test_string); | 657 keystore_list->GetString(1, &test_string); |
704 ASSERT_EQ(kKeystoreKey, test_string); | 658 ASSERT_EQ(kKeystoreKey, test_string); |
705 | 659 |
706 | |
707 // Now make sure a new encryption handler can correctly parse the bootstrap | 660 // Now make sure a new encryption handler can correctly parse the bootstrap |
708 // token. | 661 // token. |
709 SyncEncryptionHandlerImpl handler2(user_share(), &encryptor_, | 662 SyncEncryptionHandlerImpl handler2(user_share(), &encryptor_, |
710 std::string(), // Cryptographer bootstrap. | 663 std::string(), // Cryptographer bootstrap. |
711 keystore_bootstrap); | 664 keystore_bootstrap); |
712 | 665 |
713 { | 666 { |
714 WriteTransaction trans(FROM_HERE, user_share()); | 667 WriteTransaction trans(FROM_HERE, user_share()); |
715 EXPECT_FALSE(handler2.NeedKeystoreKey(trans.GetWrappedTrans())); | 668 EXPECT_FALSE(handler2.NeedKeystoreKey(trans.GetWrappedTrans())); |
716 } | 669 } |
717 } | 670 } |
718 | 671 |
719 // Ensure GetKeystoreDecryptor only updates the keystore decryptor token if it | 672 // Ensure GetKeystoreDecryptor only updates the keystore decryptor token if it |
720 // wasn't already set properly. Otherwise, the decryptor should remain the | 673 // wasn't already set properly. Otherwise, the decryptor should remain the |
721 // same. | 674 // same. |
722 TEST_F(SyncEncryptionHandlerImplTest, GetKeystoreDecryptor) { | 675 TEST_F(SyncEncryptionHandlerImplTest, GetKeystoreDecryptor) { |
723 const char kCurKey[] = "cur"; | 676 const char kCurKey[] = "cur"; |
724 sync_pb::EncryptedData encrypted; | 677 sync_pb::EncryptedData encrypted; |
725 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 678 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
726 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 679 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
727 other_cryptographer.AddKey(cur_key); | 680 other_cryptographer.AddKey(cur_key); |
728 EXPECT_TRUE(other_cryptographer.is_ready()); | 681 EXPECT_TRUE(other_cryptographer.is_ready()); |
729 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 682 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
730 other_cryptographer, | 683 other_cryptographer, kKeystoreKey, &encrypted)); |
731 kKeystoreKey, | |
732 &encrypted)); | |
733 std::string serialized = encrypted.SerializeAsString(); | 684 std::string serialized = encrypted.SerializeAsString(); |
734 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 685 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
735 other_cryptographer, | 686 other_cryptographer, kKeystoreKey, &encrypted)); |
736 kKeystoreKey, | |
737 &encrypted)); | |
738 EXPECT_EQ(serialized, encrypted.SerializeAsString()); | 687 EXPECT_EQ(serialized, encrypted.SerializeAsString()); |
739 } | 688 } |
740 | 689 |
741 // Test that we don't attempt to migrate while an implicit passphrase is pending | 690 // Test that we don't attempt to migrate while an implicit passphrase is pending |
742 // and that once we do decrypt pending keys we migrate the nigori. Once | 691 // and that once we do decrypt pending keys we migrate the nigori. Once |
743 // migrated, we should be in keystore passphrase state. | 692 // migrated, we should be in keystore passphrase state. |
744 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptImplicitPass) { | 693 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptImplicitPass) { |
745 const char kOtherKey[] = "other"; | 694 const char kOtherKey[] = "other"; |
746 { | 695 { |
747 EXPECT_CALL(*observer(), | 696 EXPECT_CALL(*observer(), |
748 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 697 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
749 ReadTransaction trans(FROM_HERE, user_share()); | 698 ReadTransaction trans(FROM_HERE, user_share()); |
750 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 699 encryption_handler()->SetKeystoreKeys( |
751 kRawKeystoreKey), | 700 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
752 trans.GetWrappedTrans()); | |
753 Mock::VerifyAndClearExpectations(observer()); | 701 Mock::VerifyAndClearExpectations(observer()); |
754 } | 702 } |
755 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 703 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
756 | 704 |
757 { | 705 { |
758 WriteTransaction trans(FROM_HERE, user_share()); | 706 WriteTransaction trans(FROM_HERE, user_share()); |
759 WriteNode nigori_node(&trans); | 707 WriteNode nigori_node(&trans); |
760 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 708 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
761 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 709 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
762 KeyParams other_key = {"localhost", "dummy", kOtherKey}; | 710 KeyParams other_key = {"localhost", "dummy", kOtherKey}; |
763 other_cryptographer.AddKey(other_key); | 711 other_cryptographer.AddKey(other_key); |
764 | 712 |
765 sync_pb::NigoriSpecifics nigori; | 713 sync_pb::NigoriSpecifics nigori; |
766 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 714 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
767 nigori.set_keybag_is_frozen(false); | 715 nigori.set_keybag_is_frozen(false); |
768 nigori.set_encrypt_everything(false); | 716 nigori.set_encrypt_everything(false); |
769 EXPECT_CALL(*observer(), | 717 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
770 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 718 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
771 EXPECT_CALL(*observer(), | |
772 OnPassphraseRequired(_, _)); | |
773 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 719 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
774 nigori_node.SetNigoriSpecifics(nigori); | 720 nigori_node.SetNigoriSpecifics(nigori); |
775 } | 721 } |
776 // Run any tasks posted via AppplyNigoriUpdate. | 722 // Run any tasks posted via AppplyNigoriUpdate. |
777 PumpLoop(); | 723 PumpLoop(); |
778 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 724 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
779 Mock::VerifyAndClearExpectations(observer()); | 725 Mock::VerifyAndClearExpectations(observer()); |
780 | 726 |
781 EXPECT_CALL(*observer(), | 727 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
782 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 728 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
783 EXPECT_CALL(*observer(), | 729 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
784 OnPassphraseAccepted()); | |
785 EXPECT_CALL(*observer(), | |
786 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | |
787 EXPECT_CALL(*observer(), | 730 EXPECT_CALL(*observer(), |
788 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 731 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
789 EXPECT_CALL(*observer(), | 732 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
790 OnEncryptionComplete()); | |
791 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 733 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
792 encryption_handler()->SetDecryptionPassphrase(kOtherKey); | 734 encryption_handler()->SetDecryptionPassphrase(kOtherKey); |
793 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 735 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
794 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 736 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); |
795 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kOtherKey); | 737 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kOtherKey); |
796 } | 738 } |
797 | 739 |
798 // Test that we don't attempt to migrate while a custom passphrase is pending, | 740 // Test that we don't attempt to migrate while a custom passphrase is pending, |
799 // and that once we do decrypt pending keys we migrate the nigori. Once | 741 // and that once we do decrypt pending keys we migrate the nigori. Once |
800 // migrated, we should be in custom passphrase state with encrypt everything. | 742 // migrated, we should be in custom passphrase state with encrypt everything. |
801 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) { | 743 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) { |
802 const char kOtherKey[] = "other"; | 744 const char kOtherKey[] = "other"; |
803 { | 745 { |
804 EXPECT_CALL(*observer(), | 746 EXPECT_CALL(*observer(), |
805 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 747 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
806 ReadTransaction trans(FROM_HERE, user_share()); | 748 ReadTransaction trans(FROM_HERE, user_share()); |
807 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 749 encryption_handler()->SetKeystoreKeys( |
808 kRawKeystoreKey), | 750 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
809 trans.GetWrappedTrans()); | |
810 Mock::VerifyAndClearExpectations(observer()); | 751 Mock::VerifyAndClearExpectations(observer()); |
811 } | 752 } |
812 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 753 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
813 | 754 |
814 { | 755 { |
815 WriteTransaction trans(FROM_HERE, user_share()); | 756 WriteTransaction trans(FROM_HERE, user_share()); |
816 WriteNode nigori_node(&trans); | 757 WriteNode nigori_node(&trans); |
817 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 758 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
818 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 759 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
819 KeyParams other_key = {"localhost", "dummy", kOtherKey}; | 760 KeyParams other_key = {"localhost", "dummy", kOtherKey}; |
820 other_cryptographer.AddKey(other_key); | 761 other_cryptographer.AddKey(other_key); |
821 | 762 |
822 sync_pb::NigoriSpecifics nigori; | 763 sync_pb::NigoriSpecifics nigori; |
823 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 764 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
824 nigori.set_keybag_is_frozen(true); | 765 nigori.set_keybag_is_frozen(true); |
825 nigori.set_encrypt_everything(false); | 766 nigori.set_encrypt_everything(false); |
826 EXPECT_CALL(*observer(), | 767 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
827 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 768 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
828 EXPECT_CALL(*observer(), | 769 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
829 OnPassphraseRequired(_, _)); | |
830 EXPECT_CALL(*observer(), | |
831 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | |
832 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 770 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
833 nigori_node.SetNigoriSpecifics(nigori); | 771 nigori_node.SetNigoriSpecifics(nigori); |
834 } | 772 } |
835 // Run any tasks posted via AppplyNigoriUpdate. | 773 // Run any tasks posted via AppplyNigoriUpdate. |
836 PumpLoop(); | 774 PumpLoop(); |
837 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 775 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
838 Mock::VerifyAndClearExpectations(observer()); | 776 Mock::VerifyAndClearExpectations(observer()); |
839 | 777 |
840 EXPECT_CALL(*observer(), | 778 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
841 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 779 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
842 EXPECT_CALL(*observer(), | |
843 OnPassphraseAccepted()); | |
844 std::string captured_bootstrap_token; | 780 std::string captured_bootstrap_token; |
845 EXPECT_CALL(*observer(), | 781 EXPECT_CALL(*observer(), |
846 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 782 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
847 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 783 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
848 EXPECT_CALL(*observer(), | 784 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
849 OnEncryptedTypesChanged(_, true)); | |
850 SyncEncryptionHandler::NigoriState captured_nigori_state; | 785 SyncEncryptionHandler::NigoriState captured_nigori_state; |
851 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 786 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
852 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 787 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
853 EXPECT_CALL(*observer(), | 788 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); |
854 OnEncryptionComplete()).Times(2); | |
855 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 789 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
856 encryption_handler()->SetDecryptionPassphrase(kOtherKey); | 790 encryption_handler()->SetDecryptionPassphrase(kOtherKey); |
857 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 791 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
858 const base::Time migration_time = encryption_handler()->migration_time(); | 792 const base::Time migration_time = encryption_handler()->migration_time(); |
859 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 793 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); |
860 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kOtherKey); | 794 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kOtherKey); |
861 | 795 |
862 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kOtherKey, | 796 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kOtherKey, |
863 captured_bootstrap_token, | 797 captured_bootstrap_token, |
864 captured_nigori_state, CUSTOM_PASSPHRASE); | 798 captured_nigori_state, CUSTOM_PASSPHRASE); |
865 } | 799 } |
866 | 800 |
867 // Test that we trigger a migration when we set the keystore key, had an | 801 // Test that we trigger a migration when we set the keystore key, had an |
868 // implicit passphrase, and did not have encrypt everything. We should switch | 802 // implicit passphrase, and did not have encrypt everything. We should switch |
869 // to KEYSTORE_PASSPHRASE. | 803 // to KEYSTORE_PASSPHRASE. |
870 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) { | 804 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) { |
871 const char kCurKey[] = "cur"; | 805 const char kCurKey[] = "cur"; |
872 KeyParams current_key = {"localhost", "dummy", kCurKey}; | 806 KeyParams current_key = {"localhost", "dummy", kCurKey}; |
873 GetCryptographer()->AddKey(current_key); | 807 GetCryptographer()->AddKey(current_key); |
874 EXPECT_CALL(*observer(), | 808 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
875 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 809 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
876 EXPECT_CALL(*observer(), | 810 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
877 OnEncryptedTypesChanged(_, false)); | |
878 EXPECT_CALL(*observer(), | |
879 OnEncryptionComplete()); | |
880 encryption_handler()->Init(); | 811 encryption_handler()->Init(); |
881 Mock::VerifyAndClearExpectations(observer()); | 812 Mock::VerifyAndClearExpectations(observer()); |
882 | 813 |
883 { | 814 { |
884 ReadTransaction trans(FROM_HERE, user_share()); | 815 ReadTransaction trans(FROM_HERE, user_share()); |
885 // Once we provide a keystore key, we should perform the migration. | 816 // Once we provide a keystore key, we should perform the migration. |
886 EXPECT_CALL(*observer(), | 817 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
887 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
888 EXPECT_CALL(*observer(), | 818 EXPECT_CALL(*observer(), |
889 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 819 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
890 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 820 encryption_handler()->SetKeystoreKeys( |
891 kRawKeystoreKey), | 821 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
892 trans.GetWrappedTrans()); | |
893 } | 822 } |
894 EXPECT_CALL(*observer(), | 823 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
895 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | |
896 // The actual migration gets posted, so run all pending tasks. | 824 // The actual migration gets posted, so run all pending tasks. |
897 PumpLoop(); | 825 PumpLoop(); |
898 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 826 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
899 EXPECT_EQ(KEYSTORE_PASSPHRASE, | 827 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); |
900 encryption_handler()->GetPassphraseType()); | |
901 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 828 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
902 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); | 829 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); |
903 } | 830 } |
904 | 831 |
905 // Test that we trigger a migration when we set the keystore key, had an | 832 // Test that we trigger a migration when we set the keystore key, had an |
906 // implicit passphrase, and encrypt everything enabled. We should switch to | 833 // implicit passphrase, and encrypt everything enabled. We should switch to |
907 // FROZEN_IMPLICIT_PASSPHRASE. | 834 // FROZEN_IMPLICIT_PASSPHRASE. |
908 TEST_F(SyncEncryptionHandlerImplTest, | 835 TEST_F(SyncEncryptionHandlerImplTest, |
909 MigrateOnKeystoreKeyAvailableFrozenImplicit) { | 836 MigrateOnKeystoreKeyAvailableFrozenImplicit) { |
910 const char kCurKey[] = "cur"; | 837 const char kCurKey[] = "cur"; |
911 KeyParams current_key = {"localhost", "dummy", kCurKey}; | 838 KeyParams current_key = {"localhost", "dummy", kCurKey}; |
912 GetCryptographer()->AddKey(current_key); | 839 GetCryptographer()->AddKey(current_key); |
913 EXPECT_CALL(*observer(), | 840 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
914 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 841 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
915 EXPECT_CALL(*observer(), | 842 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
916 OnEncryptedTypesChanged(_, false)); | |
917 EXPECT_CALL(*observer(), | |
918 OnEncryptionComplete()); | |
919 encryption_handler()->Init(); | 843 encryption_handler()->Init(); |
920 Mock::VerifyAndClearExpectations(observer()); | 844 Mock::VerifyAndClearExpectations(observer()); |
921 EXPECT_CALL(*observer(), | 845 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
922 OnEncryptedTypesChanged(_, true)); | |
923 SyncEncryptionHandler::NigoriState captured_nigori_state; | 846 SyncEncryptionHandler::NigoriState captured_nigori_state; |
924 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 847 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
925 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 848 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
926 EXPECT_CALL(*observer(), | 849 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
927 OnEncryptionComplete()); | |
928 encryption_handler()->EnableEncryptEverything(); | 850 encryption_handler()->EnableEncryptEverything(); |
929 | 851 |
930 { | 852 { |
931 ReadTransaction trans(FROM_HERE, user_share()); | 853 ReadTransaction trans(FROM_HERE, user_share()); |
932 // Once we provide a keystore key, we should perform the migration. | 854 // Once we provide a keystore key, we should perform the migration. |
933 EXPECT_CALL(*observer(), | 855 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
934 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
935 EXPECT_CALL(*observer(), | 856 EXPECT_CALL(*observer(), |
936 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 857 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
937 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 858 encryption_handler()->SetKeystoreKeys( |
938 kRawKeystoreKey), | 859 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
939 trans.GetWrappedTrans()); | |
940 } | 860 } |
941 EXPECT_CALL(*observer(), | 861 EXPECT_CALL(*observer(), |
942 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); | 862 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); |
943 | 863 |
944 // The actual migration gets posted, so run all pending tasks. | 864 // The actual migration gets posted, so run all pending tasks. |
945 PumpLoop(); | 865 PumpLoop(); |
946 Mock::VerifyAndClearExpectations(observer()); | 866 Mock::VerifyAndClearExpectations(observer()); |
947 | 867 |
948 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 868 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
949 const base::Time migration_time = encryption_handler()->migration_time(); | 869 const base::Time migration_time = encryption_handler()->migration_time(); |
(...skipping 11 matching lines...) Expand all Loading... |
961 TimeToProtoTime(migration_time), kCurKey, passphrase_bootstrap_token, | 881 TimeToProtoTime(migration_time), kCurKey, passphrase_bootstrap_token, |
962 captured_nigori_state, FROZEN_IMPLICIT_PASSPHRASE); | 882 captured_nigori_state, FROZEN_IMPLICIT_PASSPHRASE); |
963 } | 883 } |
964 | 884 |
965 // Test that we trigger a migration when we set the keystore key, had a | 885 // Test that we trigger a migration when we set the keystore key, had a |
966 // custom passphrase, and encrypt everything enabled. The passphrase state | 886 // custom passphrase, and encrypt everything enabled. The passphrase state |
967 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same. | 887 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same. |
968 TEST_F(SyncEncryptionHandlerImplTest, | 888 TEST_F(SyncEncryptionHandlerImplTest, |
969 MigrateOnKeystoreKeyAvailableCustomWithEncryption) { | 889 MigrateOnKeystoreKeyAvailableCustomWithEncryption) { |
970 const char kCurKey[] = "cur"; | 890 const char kCurKey[] = "cur"; |
971 EXPECT_CALL(*observer(), | 891 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
972 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 892 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
973 EXPECT_CALL(*observer(), | 893 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
974 OnPassphraseRequired(_, _)); | 894 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
975 EXPECT_CALL(*observer(), | 895 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
976 OnPassphraseAccepted()); | 896 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
977 EXPECT_CALL(*observer(), | |
978 OnEncryptedTypesChanged(_, false)); | |
979 EXPECT_CALL(*observer(), | |
980 OnEncryptionComplete()); | |
981 EXPECT_CALL(*observer(), | |
982 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | |
983 std::string captured_bootstrap_token; | 897 std::string captured_bootstrap_token; |
984 EXPECT_CALL(*observer(), | 898 EXPECT_CALL(*observer(), |
985 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 899 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
986 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 900 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
987 encryption_handler()->Init(); | 901 encryption_handler()->Init(); |
988 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); | 902 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); |
989 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); | 903 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); |
990 Mock::VerifyAndClearExpectations(observer()); | 904 Mock::VerifyAndClearExpectations(observer()); |
991 | 905 |
992 EXPECT_CALL(*observer(), | 906 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
993 OnEncryptedTypesChanged(_, true)); | 907 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
994 EXPECT_CALL(*observer(), | |
995 OnEncryptionComplete()); | |
996 encryption_handler()->EnableEncryptEverything(); | 908 encryption_handler()->EnableEncryptEverything(); |
997 Mock::VerifyAndClearExpectations(observer()); | 909 Mock::VerifyAndClearExpectations(observer()); |
998 | 910 |
999 SyncEncryptionHandler::NigoriState captured_nigori_state; | 911 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1000 { | 912 { |
1001 ReadTransaction trans(FROM_HERE, user_share()); | 913 ReadTransaction trans(FROM_HERE, user_share()); |
1002 // Once we provide a keystore key, we should perform the migration. | 914 // Once we provide a keystore key, we should perform the migration. |
1003 EXPECT_CALL(*observer(), | 915 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1004 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1005 EXPECT_CALL(*observer(), | 916 EXPECT_CALL(*observer(), |
1006 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 917 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1007 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 918 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1008 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 919 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1009 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 920 encryption_handler()->SetKeystoreKeys( |
1010 kRawKeystoreKey), | 921 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1011 trans.GetWrappedTrans()); | |
1012 } | 922 } |
1013 | 923 |
1014 // The actual migration gets posted, so run all pending tasks. | 924 // The actual migration gets posted, so run all pending tasks. |
1015 PumpLoop(); | 925 PumpLoop(); |
1016 Mock::VerifyAndClearExpectations(observer()); | 926 Mock::VerifyAndClearExpectations(observer()); |
1017 | 927 |
1018 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 928 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1019 const base::Time migration_time = encryption_handler()->migration_time(); | 929 const base::Time migration_time = encryption_handler()->migration_time(); |
1020 EXPECT_EQ(CUSTOM_PASSPHRASE, | 930 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); |
1021 encryption_handler()->GetPassphraseType()); | |
1022 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 931 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1023 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey); | 932 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey); |
1024 | 933 |
1025 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey, | 934 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey, |
1026 captured_bootstrap_token, | 935 captured_bootstrap_token, |
1027 captured_nigori_state, CUSTOM_PASSPHRASE); | 936 captured_nigori_state, CUSTOM_PASSPHRASE); |
1028 } | 937 } |
1029 | 938 |
1030 // Test that we trigger a migration when we set the keystore key, had a | 939 // Test that we trigger a migration when we set the keystore key, had a |
1031 // custom passphrase, and did not have encrypt everything. The passphrase state | 940 // custom passphrase, and did not have encrypt everything. The passphrase state |
1032 // should remain as CUSTOM_PASSPHRASE, and encrypt everything should be enabled. | 941 // should remain as CUSTOM_PASSPHRASE, and encrypt everything should be enabled. |
1033 TEST_F(SyncEncryptionHandlerImplTest, | 942 TEST_F(SyncEncryptionHandlerImplTest, |
1034 MigrateOnKeystoreKeyAvailableCustomNoEncryption) { | 943 MigrateOnKeystoreKeyAvailableCustomNoEncryption) { |
1035 const char kCurKey[] = "cur"; | 944 const char kCurKey[] = "cur"; |
1036 EXPECT_CALL(*observer(), | 945 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1037 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 946 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1038 EXPECT_CALL(*observer(), | 947 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1039 OnPassphraseRequired(_, _)); | 948 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1040 EXPECT_CALL(*observer(), | 949 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1041 OnPassphraseAccepted()); | 950 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
1042 EXPECT_CALL(*observer(), | |
1043 OnEncryptedTypesChanged(_, false)); | |
1044 EXPECT_CALL(*observer(), | |
1045 OnEncryptionComplete()); | |
1046 EXPECT_CALL(*observer(), | |
1047 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | |
1048 std::string captured_bootstrap_token; | 951 std::string captured_bootstrap_token; |
1049 EXPECT_CALL(*observer(), | 952 EXPECT_CALL(*observer(), |
1050 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 953 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
1051 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 954 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
1052 encryption_handler()->Init(); | 955 encryption_handler()->Init(); |
1053 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); | 956 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); |
1054 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); | 957 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); |
1055 Mock::VerifyAndClearExpectations(observer()); | 958 Mock::VerifyAndClearExpectations(observer()); |
1056 | 959 |
1057 { | 960 { |
1058 ReadTransaction trans(FROM_HERE, user_share()); | 961 ReadTransaction trans(FROM_HERE, user_share()); |
1059 // Once we provide a keystore key, we should perform the migration. | 962 // Once we provide a keystore key, we should perform the migration. |
1060 EXPECT_CALL(*observer(), | 963 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1061 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1062 EXPECT_CALL(*observer(), | 964 EXPECT_CALL(*observer(), |
1063 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 965 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1064 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 966 encryption_handler()->SetKeystoreKeys( |
1065 kRawKeystoreKey), | 967 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1066 trans.GetWrappedTrans()); | |
1067 } | 968 } |
1068 EXPECT_CALL(*observer(), | 969 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1069 OnEncryptedTypesChanged(_, true)); | |
1070 SyncEncryptionHandler::NigoriState captured_nigori_state; | 970 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1071 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 971 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1072 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 972 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1073 EXPECT_CALL(*observer(), | 973 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1074 OnEncryptionComplete()); | |
1075 // The actual migration gets posted, so run all pending tasks. | 974 // The actual migration gets posted, so run all pending tasks. |
1076 PumpLoop(); | 975 PumpLoop(); |
1077 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 976 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1078 const base::Time migration_time = encryption_handler()->migration_time(); | 977 const base::Time migration_time = encryption_handler()->migration_time(); |
1079 EXPECT_EQ(CUSTOM_PASSPHRASE, | 978 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); |
1080 encryption_handler()->GetPassphraseType()); | |
1081 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 979 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1082 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey); | 980 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey); |
1083 | 981 |
1084 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey, | 982 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey, |
1085 captured_bootstrap_token, | 983 captured_bootstrap_token, |
1086 captured_nigori_state, CUSTOM_PASSPHRASE); | 984 captured_nigori_state, CUSTOM_PASSPHRASE); |
1087 } | 985 } |
1088 | 986 |
1089 // Test that we can handle receiving a migrated nigori node in the | 987 // Test that we can handle receiving a migrated nigori node in the |
1090 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the | 988 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the |
1091 // keybag. | 989 // keybag. |
1092 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) { | 990 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) { |
1093 const char kCurKey[] = "cur"; | 991 const char kCurKey[] = "cur"; |
1094 sync_pb::EncryptedData keystore_decryptor_token; | 992 sync_pb::EncryptedData keystore_decryptor_token; |
1095 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 993 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1096 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 994 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1097 other_cryptographer.AddKey(cur_key); | 995 other_cryptographer.AddKey(cur_key); |
1098 EXPECT_TRUE(other_cryptographer.is_ready()); | 996 EXPECT_TRUE(other_cryptographer.is_ready()); |
1099 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 997 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
1100 other_cryptographer, | 998 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); |
1101 kKeystoreKey, | |
1102 &keystore_decryptor_token)); | |
1103 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 999 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1104 EXPECT_FALSE(GetCryptographer()->is_ready()); | 1000 EXPECT_FALSE(GetCryptographer()->is_ready()); |
1105 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1001 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1106 | 1002 |
1107 // Now build a nigori node with the generated keystore decryptor token and | 1003 // Now build a nigori node with the generated keystore decryptor token and |
1108 // initialize the encryption handler with it. The cryptographer should be | 1004 // initialize the encryption handler with it. The cryptographer should be |
1109 // initialized properly to decrypt both kCurKey and kKeystoreKey. | 1005 // initialized properly to decrypt both kCurKey and kKeystoreKey. |
1110 { | 1006 { |
1111 WriteTransaction trans(FROM_HERE, user_share()); | 1007 WriteTransaction trans(FROM_HERE, user_share()); |
1112 WriteNode nigori_node(&trans); | 1008 WriteNode nigori_node(&trans); |
1113 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1009 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1114 sync_pb::NigoriSpecifics nigori; | 1010 sync_pb::NigoriSpecifics nigori; |
1115 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1011 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1116 keystore_decryptor_token); | 1012 keystore_decryptor_token); |
1117 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1013 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1118 nigori.set_keybag_is_frozen(true); | 1014 nigori.set_keybag_is_frozen(true); |
1119 nigori.set_keystore_migration_time(1); | 1015 nigori.set_keystore_migration_time(1); |
1120 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1016 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1121 | 1017 |
1122 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1018 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1123 EXPECT_CALL(*observer(), | 1019 EXPECT_CALL(*observer(), |
1124 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1020 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1125 EXPECT_CALL(*observer(), | 1021 EXPECT_CALL(*observer(), |
1126 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1022 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1127 EXPECT_CALL(*observer(), | 1023 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
1128 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1024 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1129 EXPECT_CALL(*observer(), | 1025 encryption_handler()->SetKeystoreKeys( |
1130 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1026 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1131 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | |
1132 kRawKeystoreKey), | |
1133 trans.GetWrappedTrans()); | |
1134 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1027 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1135 nigori_node.SetNigoriSpecifics(nigori); | 1028 nigori_node.SetNigoriSpecifics(nigori); |
1136 } | 1029 } |
1137 // Run any tasks posted via AppplyNigoriUpdate. | 1030 // Run any tasks posted via AppplyNigoriUpdate. |
1138 PumpLoop(); | 1031 PumpLoop(); |
1139 Mock::VerifyAndClearExpectations(observer()); | 1032 Mock::VerifyAndClearExpectations(observer()); |
1140 | 1033 |
1141 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1034 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1142 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1035 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1143 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1036 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1144 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1037 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1145 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey); | 1038 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey); |
1146 | 1039 |
1147 // Check that the cryptographer still encrypts with the current key. | 1040 // Check that the cryptographer still encrypts with the current key. |
1148 sync_pb::EncryptedData current_encrypted; | 1041 sync_pb::EncryptedData current_encrypted; |
1149 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1042 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1150 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1043 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1151 | 1044 |
1152 // Check that the cryptographer can decrypt keystore key based encryption. | 1045 // Check that the cryptographer can decrypt keystore key based encryption. |
1153 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1046 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1154 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1047 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1155 keystore_cryptographer.AddKey(keystore_key); | 1048 keystore_cryptographer.AddKey(keystore_key); |
1156 sync_pb::EncryptedData keystore_encrypted; | 1049 sync_pb::EncryptedData keystore_encrypted; |
1157 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1050 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1158 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1051 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1159 } | 1052 } |
1160 | 1053 |
1161 // Test that we handle receiving migrated nigori's with | 1054 // Test that we handle receiving migrated nigori's with |
1162 // FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending key state until | 1055 // FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending key state until |
1163 // we supply the pending frozen implicit passphrase key. | 1056 // we supply the pending frozen implicit passphrase key. |
1164 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) { | 1057 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) { |
1165 const char kCurKey[] = "cur"; | 1058 const char kCurKey[] = "cur"; |
1166 sync_pb::EncryptedData encrypted; | 1059 sync_pb::EncryptedData encrypted; |
1167 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1060 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1168 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1061 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1169 other_cryptographer.AddKey(cur_key); | 1062 other_cryptographer.AddKey(cur_key); |
1170 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1063 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1171 | 1064 |
1172 { | 1065 { |
1173 EXPECT_CALL(*observer(), | 1066 EXPECT_CALL(*observer(), |
1174 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1067 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1175 ReadTransaction trans(FROM_HERE, user_share()); | 1068 ReadTransaction trans(FROM_HERE, user_share()); |
1176 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1069 encryption_handler()->SetKeystoreKeys( |
1177 kRawKeystoreKey), | 1070 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1178 trans.GetWrappedTrans()); | |
1179 } | 1071 } |
1180 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1072 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1181 | 1073 |
1182 { | 1074 { |
1183 EXPECT_CALL(*observer(), | 1075 EXPECT_CALL(*observer(), |
1184 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); | 1076 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); |
1185 EXPECT_CALL(*observer(), | 1077 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1186 OnPassphraseRequired(_, _)); | 1078 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1187 EXPECT_CALL(*observer(), | 1079 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1188 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1189 EXPECT_CALL(*observer(), | |
1190 OnEncryptedTypesChanged(_, true)); | |
1191 WriteTransaction trans(FROM_HERE, user_share()); | 1080 WriteTransaction trans(FROM_HERE, user_share()); |
1192 WriteNode nigori_node(&trans); | 1081 WriteNode nigori_node(&trans); |
1193 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1082 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1194 sync_pb::NigoriSpecifics nigori; | 1083 sync_pb::NigoriSpecifics nigori; |
1195 nigori.set_keybag_is_frozen(true); | 1084 nigori.set_keybag_is_frozen(true); |
1196 nigori.set_passphrase_type( | 1085 nigori.set_passphrase_type( |
1197 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); | 1086 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); |
1198 nigori.set_keystore_migration_time(1); | 1087 nigori.set_keystore_migration_time(1); |
1199 nigori.set_encrypt_everything(true); | 1088 nigori.set_encrypt_everything(true); |
1200 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1089 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1201 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1090 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1202 nigori_node.SetNigoriSpecifics(nigori); | 1091 nigori_node.SetNigoriSpecifics(nigori); |
1203 } | 1092 } |
1204 // Run any tasks posted via AppplyNigoriUpdate. | 1093 // Run any tasks posted via AppplyNigoriUpdate. |
1205 PumpLoop(); | 1094 PumpLoop(); |
1206 Mock::VerifyAndClearExpectations(observer()); | 1095 Mock::VerifyAndClearExpectations(observer()); |
1207 | 1096 |
1208 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1097 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1209 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, | 1098 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, |
1210 encryption_handler()->GetPassphraseType()); | 1099 encryption_handler()->GetPassphraseType()); |
1211 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1100 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1212 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1101 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1213 | 1102 |
1214 EXPECT_CALL(*observer(), | 1103 EXPECT_CALL(*observer(), |
1215 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1104 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1216 EXPECT_CALL(*observer(), | 1105 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1217 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1106 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1218 EXPECT_CALL(*observer(), | 1107 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1219 OnEncryptionComplete()); | |
1220 EXPECT_CALL(*observer(), | |
1221 OnPassphraseAccepted()); | |
1222 encryption_handler()->SetDecryptionPassphrase(kCurKey); | 1108 encryption_handler()->SetDecryptionPassphrase(kCurKey); |
1223 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1109 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1224 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1110 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1225 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey); | 1111 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey); |
1226 | 1112 |
1227 // Check that the cryptographer still encrypts with the current key. | 1113 // Check that the cryptographer still encrypts with the current key. |
1228 sync_pb::EncryptedData current_encrypted; | 1114 sync_pb::EncryptedData current_encrypted; |
1229 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1115 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1230 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1116 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1231 | 1117 |
1232 // Check that the cryptographer can decrypt keystore key based encryption. | 1118 // Check that the cryptographer can decrypt keystore key based encryption. |
1233 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1119 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1234 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1120 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1235 keystore_cryptographer.AddKey(keystore_key); | 1121 keystore_cryptographer.AddKey(keystore_key); |
1236 sync_pb::EncryptedData keystore_encrypted; | 1122 sync_pb::EncryptedData keystore_encrypted; |
1237 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1123 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1238 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1124 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1239 } | 1125 } |
1240 | 1126 |
1241 // Test that we handle receiving migrated nigori's with | 1127 // Test that we handle receiving migrated nigori's with |
1242 // CUSTOM_PASSPHRASE state. We should be in a pending key state until we | 1128 // CUSTOM_PASSPHRASE state. We should be in a pending key state until we |
1243 // provide the custom passphrase key. | 1129 // provide the custom passphrase key. |
1244 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) { | 1130 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) { |
1245 const char kCurKey[] = "cur"; | 1131 const char kCurKey[] = "cur"; |
1246 sync_pb::EncryptedData encrypted; | 1132 sync_pb::EncryptedData encrypted; |
1247 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1133 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1248 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1134 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1249 other_cryptographer.AddKey(cur_key); | 1135 other_cryptographer.AddKey(cur_key); |
1250 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1136 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1251 | 1137 |
1252 { | 1138 { |
1253 EXPECT_CALL(*observer(), | 1139 EXPECT_CALL(*observer(), |
1254 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1140 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1255 ReadTransaction trans(FROM_HERE, user_share()); | 1141 ReadTransaction trans(FROM_HERE, user_share()); |
1256 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1142 encryption_handler()->SetKeystoreKeys( |
1257 kRawKeystoreKey), | 1143 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1258 trans.GetWrappedTrans()); | |
1259 } | 1144 } |
1260 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1145 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1261 | 1146 |
1262 { | 1147 { |
1263 EXPECT_CALL(*observer(), | 1148 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
1264 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 1149 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1265 EXPECT_CALL(*observer(), | 1150 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1266 OnPassphraseRequired(_, _)); | 1151 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1267 EXPECT_CALL(*observer(), | |
1268 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1269 EXPECT_CALL(*observer(), | |
1270 OnEncryptedTypesChanged(_, true)); | |
1271 WriteTransaction trans(FROM_HERE, user_share()); | 1152 WriteTransaction trans(FROM_HERE, user_share()); |
1272 WriteNode nigori_node(&trans); | 1153 WriteNode nigori_node(&trans); |
1273 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1154 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1274 sync_pb::NigoriSpecifics nigori; | 1155 sync_pb::NigoriSpecifics nigori; |
1275 nigori.set_keybag_is_frozen(true); | 1156 nigori.set_keybag_is_frozen(true); |
1276 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); | 1157 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); |
1277 nigori.set_keystore_migration_time(1); | 1158 nigori.set_keystore_migration_time(1); |
1278 nigori.set_encrypt_everything(true); | 1159 nigori.set_encrypt_everything(true); |
1279 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1160 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1280 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1161 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1281 nigori_node.SetNigoriSpecifics(nigori); | 1162 nigori_node.SetNigoriSpecifics(nigori); |
1282 } | 1163 } |
1283 // Run any tasks posted via AppplyNigoriUpdate. | 1164 // Run any tasks posted via AppplyNigoriUpdate. |
1284 PumpLoop(); | 1165 PumpLoop(); |
1285 Mock::VerifyAndClearExpectations(observer()); | 1166 Mock::VerifyAndClearExpectations(observer()); |
1286 | 1167 |
1287 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1168 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1288 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 1169 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); |
1289 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1170 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1290 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1171 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1291 | 1172 |
1292 EXPECT_CALL(*observer(), | 1173 EXPECT_CALL(*observer(), |
1293 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1174 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1294 EXPECT_CALL(*observer(), | 1175 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1295 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1176 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1296 EXPECT_CALL(*observer(), | 1177 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1297 OnEncryptionComplete()); | |
1298 EXPECT_CALL(*observer(), | |
1299 OnPassphraseAccepted()); | |
1300 encryption_handler()->SetDecryptionPassphrase(kCurKey); | 1178 encryption_handler()->SetDecryptionPassphrase(kCurKey); |
1301 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1179 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1302 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1180 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1303 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); | 1181 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); |
1304 | 1182 |
1305 // Check that the cryptographer still encrypts with the current key. | 1183 // Check that the cryptographer still encrypts with the current key. |
1306 sync_pb::EncryptedData current_encrypted; | 1184 sync_pb::EncryptedData current_encrypted; |
1307 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1185 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1308 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1186 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1309 | 1187 |
1310 // Check that the cryptographer can decrypt keystore key based encryption. | 1188 // Check that the cryptographer can decrypt keystore key based encryption. |
1311 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1189 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1312 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1190 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1313 keystore_cryptographer.AddKey(keystore_key); | 1191 keystore_cryptographer.AddKey(keystore_key); |
1314 sync_pb::EncryptedData keystore_encrypted; | 1192 sync_pb::EncryptedData keystore_encrypted; |
1315 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1193 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1316 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1194 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1317 } | 1195 } |
1318 | 1196 |
1319 // Test that if we have a migrated nigori with a custom passphrase, then receive | 1197 // Test that if we have a migrated nigori with a custom passphrase, then receive |
1320 // and old implicit passphrase nigori, we properly overwrite it with the current | 1198 // and old implicit passphrase nigori, we properly overwrite it with the current |
1321 // state. | 1199 // state. |
1322 TEST_F(SyncEncryptionHandlerImplTest, ReceiveUnmigratedNigoriAfterMigration) { | 1200 TEST_F(SyncEncryptionHandlerImplTest, ReceiveUnmigratedNigoriAfterMigration) { |
(...skipping 13 matching lines...) Expand all Loading... |
1336 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1214 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1337 sync_pb::NigoriSpecifics nigori; | 1215 sync_pb::NigoriSpecifics nigori; |
1338 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); | 1216 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); |
1339 nigori.set_keybag_is_frozen(true); | 1217 nigori.set_keybag_is_frozen(true); |
1340 nigori.set_keystore_migration_time(1); | 1218 nigori.set_keystore_migration_time(1); |
1341 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); | 1219 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); |
1342 nigori.set_encrypt_everything(true); | 1220 nigori.set_encrypt_everything(true); |
1343 nigori_node.SetNigoriSpecifics(nigori); | 1221 nigori_node.SetNigoriSpecifics(nigori); |
1344 } | 1222 } |
1345 | 1223 |
1346 EXPECT_CALL(*observer(), | 1224 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
1347 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 1225 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1348 EXPECT_CALL(*observer(), | 1226 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2); |
1349 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1227 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1350 EXPECT_CALL(*observer(), | |
1351 OnEncryptedTypesChanged(_, true)).Times(2); | |
1352 EXPECT_CALL(*observer(), | |
1353 OnEncryptionComplete()); | |
1354 encryption_handler()->Init(); | 1228 encryption_handler()->Init(); |
1355 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1229 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1356 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1230 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1357 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1231 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); |
1358 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1232 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1359 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kCurKey); | 1233 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kCurKey); |
1360 | 1234 |
1361 { | 1235 { |
1362 EXPECT_CALL(*observer(), | 1236 EXPECT_CALL(*observer(), |
1363 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1237 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1364 ReadTransaction trans(FROM_HERE, user_share()); | 1238 ReadTransaction trans(FROM_HERE, user_share()); |
1365 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1239 encryption_handler()->SetKeystoreKeys( |
1366 kRawKeystoreKey), | 1240 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1367 trans.GetWrappedTrans()); | |
1368 } | 1241 } |
1369 Mock::VerifyAndClearExpectations(observer()); | 1242 Mock::VerifyAndClearExpectations(observer()); |
1370 | 1243 |
1371 // Now build an old unmigrated nigori node with old encrypted types. We should | 1244 // Now build an old unmigrated nigori node with old encrypted types. We should |
1372 // properly overwrite it with the migrated + encrypt everything state. | 1245 // properly overwrite it with the migrated + encrypt everything state. |
1373 EXPECT_CALL(*observer(), | 1246 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1374 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1375 SyncEncryptionHandler::NigoriState captured_nigori_state; | 1247 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1376 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 1248 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1377 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 1249 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1378 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1250 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1379 { | 1251 { |
1380 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1252 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1381 other_cryptographer.AddKey(old_key); | 1253 other_cryptographer.AddKey(old_key); |
1382 WriteTransaction trans(FROM_HERE, user_share()); | 1254 WriteTransaction trans(FROM_HERE, user_share()); |
1383 WriteNode nigori_node(&trans); | 1255 WriteNode nigori_node(&trans); |
1384 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1256 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1427 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1299 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1428 sync_pb::NigoriSpecifics nigori; | 1300 sync_pb::NigoriSpecifics nigori; |
1429 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); | 1301 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); |
1430 nigori.set_keybag_is_frozen(true); | 1302 nigori.set_keybag_is_frozen(true); |
1431 nigori.set_keystore_migration_time(1); | 1303 nigori.set_keystore_migration_time(1); |
1432 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); | 1304 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); |
1433 nigori.set_encrypt_everything(true); | 1305 nigori.set_encrypt_everything(true); |
1434 nigori_node.SetNigoriSpecifics(nigori); | 1306 nigori_node.SetNigoriSpecifics(nigori); |
1435 } | 1307 } |
1436 | 1308 |
1437 EXPECT_CALL(*observer(), | 1309 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
1438 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 1310 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1439 EXPECT_CALL(*observer(), | 1311 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2); |
1440 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1312 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1441 EXPECT_CALL(*observer(), | |
1442 OnEncryptedTypesChanged(_, true)).Times(2); | |
1443 EXPECT_CALL(*observer(), | |
1444 OnEncryptionComplete()); | |
1445 encryption_handler()->Init(); | 1313 encryption_handler()->Init(); |
1446 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1314 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1447 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1315 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1448 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1316 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); |
1449 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1317 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1450 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); | 1318 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); |
1451 | 1319 |
1452 { | 1320 { |
1453 EXPECT_CALL(*observer(), | 1321 EXPECT_CALL(*observer(), |
1454 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1322 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1455 ReadTransaction trans(FROM_HERE, user_share()); | 1323 ReadTransaction trans(FROM_HERE, user_share()); |
1456 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1324 encryption_handler()->SetKeystoreKeys( |
1457 kRawKeystoreKey), | 1325 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1458 trans.GetWrappedTrans()); | |
1459 } | 1326 } |
1460 Mock::VerifyAndClearExpectations(observer()); | 1327 Mock::VerifyAndClearExpectations(observer()); |
1461 | 1328 |
1462 // Now build an old keystore nigori node with old encrypted types. We should | 1329 // Now build an old keystore nigori node with old encrypted types. We should |
1463 // properly overwrite it with the migrated + encrypt everything state. | 1330 // properly overwrite it with the migrated + encrypt everything state. |
1464 EXPECT_CALL(*observer(), | 1331 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1465 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1466 SyncEncryptionHandler::NigoriState captured_nigori_state; | 1332 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1467 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 1333 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1468 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 1334 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1469 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1335 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1470 const int64_t migration_time = 1; | 1336 const int64_t migration_time = 1; |
1471 { | 1337 { |
1472 WriteTransaction trans(FROM_HERE, user_share()); | 1338 WriteTransaction trans(FROM_HERE, user_share()); |
1473 WriteNode nigori_node(&trans); | 1339 WriteNode nigori_node(&trans); |
1474 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1340 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1475 sync_pb::NigoriSpecifics nigori; | 1341 sync_pb::NigoriSpecifics nigori; |
1476 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1342 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1477 other_cryptographer.AddKey(old_key); | 1343 other_cryptographer.AddKey(old_key); |
1478 encryption_handler()->GetKeystoreDecryptor( | 1344 encryption_handler()->GetKeystoreDecryptor( |
1479 other_cryptographer, | 1345 other_cryptographer, kKeystoreKey, |
1480 kKeystoreKey, | |
1481 nigori.mutable_keystore_decryptor_token()); | 1346 nigori.mutable_keystore_decryptor_token()); |
1482 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1347 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1483 nigori.set_keybag_is_frozen(true); | 1348 nigori.set_keybag_is_frozen(true); |
1484 nigori.set_encrypt_everything(false); | 1349 nigori.set_encrypt_everything(false); |
1485 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1350 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1486 nigori.set_keystore_migration_time(migration_time); | 1351 nigori.set_keystore_migration_time(migration_time); |
1487 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1352 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1488 nigori_node.SetNigoriSpecifics(nigori); | 1353 nigori_node.SetNigoriSpecifics(nigori); |
1489 } | 1354 } |
1490 PumpLoop(); | 1355 PumpLoop(); |
(...skipping 18 matching lines...) Expand all Loading... |
1509 // Test that if we receive the keystore key after receiving a migrated nigori | 1374 // Test that if we receive the keystore key after receiving a migrated nigori |
1510 // node, we properly use the keystore decryptor token to decrypt the keybag. | 1375 // node, we properly use the keystore decryptor token to decrypt the keybag. |
1511 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) { | 1376 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) { |
1512 const char kCurKey[] = "cur"; | 1377 const char kCurKey[] = "cur"; |
1513 sync_pb::EncryptedData keystore_decryptor_token; | 1378 sync_pb::EncryptedData keystore_decryptor_token; |
1514 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1379 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1515 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1380 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1516 other_cryptographer.AddKey(cur_key); | 1381 other_cryptographer.AddKey(cur_key); |
1517 EXPECT_TRUE(other_cryptographer.is_ready()); | 1382 EXPECT_TRUE(other_cryptographer.is_ready()); |
1518 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 1383 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
1519 other_cryptographer, | 1384 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); |
1520 kKeystoreKey, | |
1521 &keystore_decryptor_token)); | |
1522 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1385 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1523 EXPECT_FALSE(GetCryptographer()->is_ready()); | 1386 EXPECT_FALSE(GetCryptographer()->is_ready()); |
1524 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1387 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1525 | 1388 |
1526 // Now build a nigori node with the generated keystore decryptor token and | 1389 // Now build a nigori node with the generated keystore decryptor token and |
1527 // initialize the encryption handler with it. The cryptographer should be | 1390 // initialize the encryption handler with it. The cryptographer should be |
1528 // initialized properly to decrypt both kCurKey and kKeystoreKey. | 1391 // initialized properly to decrypt both kCurKey and kKeystoreKey. |
1529 { | 1392 { |
1530 WriteTransaction trans(FROM_HERE, user_share()); | 1393 WriteTransaction trans(FROM_HERE, user_share()); |
1531 WriteNode nigori_node(&trans); | 1394 WriteNode nigori_node(&trans); |
1532 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1395 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1533 sync_pb::NigoriSpecifics nigori; | 1396 sync_pb::NigoriSpecifics nigori; |
1534 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1397 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1535 keystore_decryptor_token); | 1398 keystore_decryptor_token); |
1536 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1399 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1537 nigori.set_keybag_is_frozen(true); | 1400 nigori.set_keybag_is_frozen(true); |
1538 nigori.set_keystore_migration_time(1); | 1401 nigori.set_keystore_migration_time(1); |
1539 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1402 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1540 | 1403 |
1541 EXPECT_CALL(*observer(), | 1404 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
1542 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1405 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1543 EXPECT_CALL(*observer(), | 1406 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1544 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1545 EXPECT_CALL(*observer(), | |
1546 OnPassphraseRequired(_, _)); | |
1547 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1407 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1548 nigori_node.SetNigoriSpecifics(nigori); | 1408 nigori_node.SetNigoriSpecifics(nigori); |
1549 } | 1409 } |
1550 // Run any tasks posted via AppplyNigoriUpdate. | 1410 // Run any tasks posted via AppplyNigoriUpdate. |
1551 PumpLoop(); | 1411 PumpLoop(); |
1552 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1412 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1553 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1413 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1554 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1414 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1555 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1415 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1556 Mock::VerifyAndClearExpectations(observer()); | 1416 Mock::VerifyAndClearExpectations(observer()); |
1557 | 1417 |
1558 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1418 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1559 EXPECT_CALL(*observer(), | 1419 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1560 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1561 EXPECT_CALL(*observer(), | 1420 EXPECT_CALL(*observer(), |
1562 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1421 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1563 { | 1422 { |
1564 EXPECT_CALL(*observer(), | 1423 EXPECT_CALL(*observer(), |
1565 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1424 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1566 ReadTransaction trans(FROM_HERE, user_share()); | 1425 ReadTransaction trans(FROM_HERE, user_share()); |
1567 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1426 encryption_handler()->SetKeystoreKeys( |
1568 kRawKeystoreKey), | 1427 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1569 trans.GetWrappedTrans()); | |
1570 } | 1428 } |
1571 PumpLoop(); | 1429 PumpLoop(); |
1572 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1430 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1573 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1431 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1574 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1432 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1575 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1433 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1576 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey); | 1434 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey); |
1577 | 1435 |
1578 // Check that the cryptographer still encrypts with the current key. | 1436 // Check that the cryptographer still encrypts with the current key. |
1579 sync_pb::EncryptedData current_encrypted; | 1437 sync_pb::EncryptedData current_encrypted; |
1580 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1438 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1581 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1439 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1582 | 1440 |
1583 // Check that the cryptographer can decrypt keystore key based encryption. | 1441 // Check that the cryptographer can decrypt keystore key based encryption. |
1584 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1442 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1585 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1443 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1586 keystore_cryptographer.AddKey(keystore_key); | 1444 keystore_cryptographer.AddKey(keystore_key); |
1587 sync_pb::EncryptedData keystore_encrypted; | 1445 sync_pb::EncryptedData keystore_encrypted; |
1588 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1446 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1589 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1447 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1590 } | 1448 } |
1591 | 1449 |
1592 // Test that after receiving a migrated nigori and decrypting it using the | 1450 // Test that after receiving a migrated nigori and decrypting it using the |
1593 // keystore key, we can then switch to a custom passphrase. The nigori should | 1451 // keystore key, we can then switch to a custom passphrase. The nigori should |
1594 // remain migrated and encrypt everything should be enabled. | 1452 // remain migrated and encrypt everything should be enabled. |
1595 TEST_F(SyncEncryptionHandlerImplTest, SetCustomPassAfterMigration) { | 1453 TEST_F(SyncEncryptionHandlerImplTest, SetCustomPassAfterMigration) { |
1596 const char kOldKey[] = "old"; | 1454 const char kOldKey[] = "old"; |
1597 sync_pb::EncryptedData keystore_decryptor_token; | 1455 sync_pb::EncryptedData keystore_decryptor_token; |
1598 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1456 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1599 KeyParams cur_key = {"localhost", "dummy", kOldKey}; | 1457 KeyParams cur_key = {"localhost", "dummy", kOldKey}; |
1600 other_cryptographer.AddKey(cur_key); | 1458 other_cryptographer.AddKey(cur_key); |
1601 EXPECT_TRUE(other_cryptographer.is_ready()); | 1459 EXPECT_TRUE(other_cryptographer.is_ready()); |
1602 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 1460 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
1603 other_cryptographer, | 1461 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); |
1604 kKeystoreKey, | |
1605 &keystore_decryptor_token)); | |
1606 | 1462 |
1607 // Build a nigori node with the generated keystore decryptor token and | 1463 // Build a nigori node with the generated keystore decryptor token and |
1608 // initialize the encryption handler with it. The cryptographer should be | 1464 // initialize the encryption handler with it. The cryptographer should be |
1609 // initialized properly to decrypt both kOldKey and kKeystoreKey. | 1465 // initialized properly to decrypt both kOldKey and kKeystoreKey. |
1610 const int64_t migration_time = 1; | 1466 const int64_t migration_time = 1; |
1611 { | 1467 { |
1612 WriteTransaction trans(FROM_HERE, user_share()); | 1468 WriteTransaction trans(FROM_HERE, user_share()); |
1613 WriteNode nigori_node(&trans); | 1469 WriteNode nigori_node(&trans); |
1614 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1470 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1615 sync_pb::NigoriSpecifics nigori; | 1471 sync_pb::NigoriSpecifics nigori; |
1616 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1472 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1617 keystore_decryptor_token); | 1473 keystore_decryptor_token); |
1618 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1474 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1619 nigori.set_keybag_is_frozen(true); | 1475 nigori.set_keybag_is_frozen(true); |
1620 nigori.set_keystore_migration_time(migration_time); | 1476 nigori.set_keystore_migration_time(migration_time); |
1621 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1477 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1622 nigori_node.SetNigoriSpecifics(nigori); | 1478 nigori_node.SetNigoriSpecifics(nigori); |
1623 EXPECT_CALL(*observer(), | 1479 EXPECT_CALL(*observer(), |
1624 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1480 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1625 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1481 encryption_handler()->SetKeystoreKeys( |
1626 kRawKeystoreKey), | 1482 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1627 trans.GetWrappedTrans()); | |
1628 } | 1483 } |
1629 | 1484 |
1630 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1485 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1631 EXPECT_CALL(*observer(), | 1486 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
1632 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1487 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1633 EXPECT_CALL(*observer(), | 1488 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1634 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1635 EXPECT_CALL(*observer(), | |
1636 OnEncryptedTypesChanged(_, false)); | |
1637 EXPECT_CALL(*observer(), | 1489 EXPECT_CALL(*observer(), |
1638 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1490 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1639 EXPECT_CALL(*observer(), | 1491 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1640 OnEncryptionComplete()); | |
1641 encryption_handler()->Init(); | 1492 encryption_handler()->Init(); |
1642 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1493 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1643 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1494 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1644 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1495 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1645 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1496 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1646 Mock::VerifyAndClearExpectations(observer()); | 1497 Mock::VerifyAndClearExpectations(observer()); |
1647 | 1498 |
1648 const char kNewKey[] = "new_key"; | 1499 const char kNewKey[] = "new_key"; |
1649 EXPECT_CALL(*observer(), | 1500 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1650 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1501 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
1651 EXPECT_CALL(*observer(), | |
1652 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | |
1653 SyncEncryptionHandler::NigoriState captured_nigori_state; | 1502 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1654 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 1503 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1655 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 1504 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1656 std::string captured_bootstrap_token; | 1505 std::string captured_bootstrap_token; |
1657 EXPECT_CALL(*observer(), | 1506 EXPECT_CALL(*observer(), |
1658 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 1507 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
1659 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 1508 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
1660 EXPECT_CALL(*observer(), | 1509 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1661 OnPassphraseAccepted()); | 1510 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1662 EXPECT_CALL(*observer(), | 1511 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); |
1663 OnEncryptedTypesChanged(_, true)); | |
1664 EXPECT_CALL(*observer(), | |
1665 OnEncryptionComplete()).Times(2); | |
1666 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); | 1512 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); |
1667 Mock::VerifyAndClearExpectations(observer()); | 1513 Mock::VerifyAndClearExpectations(observer()); |
1668 | 1514 |
1669 EXPECT_FALSE(captured_bootstrap_token.empty()); | 1515 EXPECT_FALSE(captured_bootstrap_token.empty()); |
1670 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1516 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1671 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1517 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1672 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1518 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); |
1673 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1519 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1674 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); | 1520 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); |
1675 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey); | 1521 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey); |
1676 | 1522 |
1677 // Check that the cryptographer can decrypt the old key. | 1523 // Check that the cryptographer can decrypt the old key. |
1678 sync_pb::EncryptedData old_encrypted; | 1524 sync_pb::EncryptedData old_encrypted; |
1679 other_cryptographer.EncryptString("string", &old_encrypted); | 1525 other_cryptographer.EncryptString("string", &old_encrypted); |
1680 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted)); | 1526 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted)); |
1681 | 1527 |
1682 // Check that the cryptographer can decrypt keystore key based encryption. | 1528 // Check that the cryptographer can decrypt keystore key based encryption. |
1683 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1529 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1684 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1530 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1685 keystore_cryptographer.AddKey(keystore_key); | 1531 keystore_cryptographer.AddKey(keystore_key); |
1686 sync_pb::EncryptedData keystore_encrypted; | 1532 sync_pb::EncryptedData keystore_encrypted; |
1687 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1533 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1688 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1534 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1689 | 1535 |
1690 // Check the the cryptographer is encrypting with the new key. | 1536 // Check the the cryptographer is encrypting with the new key. |
1691 KeyParams new_key = {"localhost", "dummy", kNewKey}; | 1537 KeyParams new_key = {"localhost", "dummy", kNewKey}; |
1692 Cryptographer new_cryptographer(GetCryptographer()->encryptor()); | 1538 Cryptographer new_cryptographer(GetCryptographer()->encryptor()); |
1693 new_cryptographer.AddKey(new_key); | 1539 new_cryptographer.AddKey(new_key); |
1694 sync_pb::EncryptedData new_encrypted; | 1540 sync_pb::EncryptedData new_encrypted; |
(...skipping 15 matching lines...) Expand all Loading... |
1710 SetCustomPassAfterMigrationNoKeystoreKey) { | 1556 SetCustomPassAfterMigrationNoKeystoreKey) { |
1711 const char kOldKey[] = "old"; | 1557 const char kOldKey[] = "old"; |
1712 sync_pb::EncryptedData keystore_decryptor_token; | 1558 sync_pb::EncryptedData keystore_decryptor_token; |
1713 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1559 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1714 KeyParams cur_key = {"localhost", "dummy", kOldKey}; | 1560 KeyParams cur_key = {"localhost", "dummy", kOldKey}; |
1715 other_cryptographer.AddKey(cur_key); | 1561 other_cryptographer.AddKey(cur_key); |
1716 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1562 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1717 other_cryptographer.AddNonDefaultKey(keystore_key); | 1563 other_cryptographer.AddNonDefaultKey(keystore_key); |
1718 EXPECT_TRUE(other_cryptographer.is_ready()); | 1564 EXPECT_TRUE(other_cryptographer.is_ready()); |
1719 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 1565 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
1720 other_cryptographer, | 1566 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); |
1721 kKeystoreKey, | |
1722 &keystore_decryptor_token)); | |
1723 | 1567 |
1724 // Build a nigori node with the generated keystore decryptor token and | 1568 // Build a nigori node with the generated keystore decryptor token and |
1725 // initialize the encryption handler with it. The cryptographer will have | 1569 // initialize the encryption handler with it. The cryptographer will have |
1726 // pending keys until we provide the decryption passphrase. | 1570 // pending keys until we provide the decryption passphrase. |
1727 const int64_t migration_time = 1; | 1571 const int64_t migration_time = 1; |
1728 { | 1572 { |
1729 WriteTransaction trans(FROM_HERE, user_share()); | 1573 WriteTransaction trans(FROM_HERE, user_share()); |
1730 WriteNode nigori_node(&trans); | 1574 WriteNode nigori_node(&trans); |
1731 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1575 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1732 sync_pb::NigoriSpecifics nigori; | 1576 sync_pb::NigoriSpecifics nigori; |
1733 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1577 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1734 keystore_decryptor_token); | 1578 keystore_decryptor_token); |
1735 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1579 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1736 nigori.set_keybag_is_frozen(true); | 1580 nigori.set_keybag_is_frozen(true); |
1737 nigori.set_keystore_migration_time(migration_time); | 1581 nigori.set_keystore_migration_time(migration_time); |
1738 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1582 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1739 nigori_node.SetNigoriSpecifics(nigori); | 1583 nigori_node.SetNigoriSpecifics(nigori); |
1740 } | 1584 } |
1741 | 1585 |
1742 EXPECT_CALL(*observer(), | 1586 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1743 OnPassphraseRequired(_, _)); | 1587 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
1744 EXPECT_CALL(*observer(), | 1588 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1745 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1589 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1746 EXPECT_CALL(*observer(), | |
1747 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1748 EXPECT_CALL(*observer(), | |
1749 OnEncryptedTypesChanged(_, false)); | |
1750 encryption_handler()->Init(); | 1590 encryption_handler()->Init(); |
1751 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1591 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1752 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1592 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1753 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1593 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1754 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1594 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1755 Mock::VerifyAndClearExpectations(observer()); | 1595 Mock::VerifyAndClearExpectations(observer()); |
1756 | 1596 |
1757 EXPECT_CALL(*observer(), | 1597 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1758 OnPassphraseAccepted()); | 1598 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1759 EXPECT_CALL(*observer(), | |
1760 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1761 EXPECT_CALL(*observer(), | 1599 EXPECT_CALL(*observer(), |
1762 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1600 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1763 EXPECT_CALL(*observer(), | 1601 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1764 OnEncryptionComplete()); | |
1765 encryption_handler()->SetDecryptionPassphrase(kOldKey); | 1602 encryption_handler()->SetDecryptionPassphrase(kOldKey); |
1766 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1603 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1767 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1604 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1768 Mock::VerifyAndClearExpectations(observer()); | 1605 Mock::VerifyAndClearExpectations(observer()); |
1769 | 1606 |
1770 const char kNewKey[] = "new_key"; | 1607 const char kNewKey[] = "new_key"; |
1771 EXPECT_CALL(*observer(), | 1608 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1772 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1609 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); |
1773 EXPECT_CALL(*observer(), | |
1774 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | |
1775 SyncEncryptionHandler::NigoriState captured_nigori_state; | 1610 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1776 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 1611 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1777 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 1612 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1778 std::string captured_bootstrap_token; | 1613 std::string captured_bootstrap_token; |
1779 EXPECT_CALL(*observer(), | 1614 EXPECT_CALL(*observer(), |
1780 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 1615 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
1781 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 1616 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
1782 EXPECT_CALL(*observer(), | 1617 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1783 OnPassphraseAccepted()); | 1618 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1784 EXPECT_CALL(*observer(), | 1619 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); |
1785 OnEncryptedTypesChanged(_, true)); | |
1786 EXPECT_CALL(*observer(), | |
1787 OnEncryptionComplete()).Times(2); | |
1788 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); | 1620 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); |
1789 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1621 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1790 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1622 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1791 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1623 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); |
1792 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1624 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1793 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); | 1625 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); |
1794 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey); | 1626 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey); |
1795 | 1627 |
1796 // Check that the cryptographer can decrypt the old key. | 1628 // Check that the cryptographer can decrypt the old key. |
1797 sync_pb::EncryptedData old_encrypted; | 1629 sync_pb::EncryptedData old_encrypted; |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1829 SetImplicitPassAfterMigrationNoKeystoreKey) { | 1661 SetImplicitPassAfterMigrationNoKeystoreKey) { |
1830 const char kOldKey[] = "old"; | 1662 const char kOldKey[] = "old"; |
1831 sync_pb::EncryptedData keystore_decryptor_token; | 1663 sync_pb::EncryptedData keystore_decryptor_token; |
1832 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1664 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1833 KeyParams cur_key = {"localhost", "dummy", kOldKey}; | 1665 KeyParams cur_key = {"localhost", "dummy", kOldKey}; |
1834 other_cryptographer.AddKey(cur_key); | 1666 other_cryptographer.AddKey(cur_key); |
1835 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1667 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1836 other_cryptographer.AddNonDefaultKey(keystore_key); | 1668 other_cryptographer.AddNonDefaultKey(keystore_key); |
1837 EXPECT_TRUE(other_cryptographer.is_ready()); | 1669 EXPECT_TRUE(other_cryptographer.is_ready()); |
1838 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 1670 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
1839 other_cryptographer, | 1671 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); |
1840 kKeystoreKey, | |
1841 &keystore_decryptor_token)); | |
1842 | 1672 |
1843 // Build a nigori node with the generated keystore decryptor token and | 1673 // Build a nigori node with the generated keystore decryptor token and |
1844 // initialize the encryption handler with it. The cryptographer will have | 1674 // initialize the encryption handler with it. The cryptographer will have |
1845 // pending keys until we provide the decryption passphrase. | 1675 // pending keys until we provide the decryption passphrase. |
1846 { | 1676 { |
1847 WriteTransaction trans(FROM_HERE, user_share()); | 1677 WriteTransaction trans(FROM_HERE, user_share()); |
1848 WriteNode nigori_node(&trans); | 1678 WriteNode nigori_node(&trans); |
1849 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1679 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1850 sync_pb::NigoriSpecifics nigori; | 1680 sync_pb::NigoriSpecifics nigori; |
1851 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1681 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1852 keystore_decryptor_token); | 1682 keystore_decryptor_token); |
1853 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1683 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1854 nigori.set_keybag_is_frozen(true); | 1684 nigori.set_keybag_is_frozen(true); |
1855 nigori.set_keystore_migration_time(1); | 1685 nigori.set_keystore_migration_time(1); |
1856 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1686 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1857 nigori_node.SetNigoriSpecifics(nigori); | 1687 nigori_node.SetNigoriSpecifics(nigori); |
1858 } | 1688 } |
1859 | 1689 |
1860 EXPECT_CALL(*observer(), | 1690 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1861 OnPassphraseRequired(_, _)); | 1691 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
1862 EXPECT_CALL(*observer(), | 1692 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1863 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1693 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1864 EXPECT_CALL(*observer(), | |
1865 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1866 EXPECT_CALL(*observer(), | |
1867 OnEncryptedTypesChanged(_, false)); | |
1868 encryption_handler()->Init(); | 1694 encryption_handler()->Init(); |
1869 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1695 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1870 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1696 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1871 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1697 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1872 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1698 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1873 Mock::VerifyAndClearExpectations(observer()); | 1699 Mock::VerifyAndClearExpectations(observer()); |
1874 | 1700 |
1875 EXPECT_CALL(*observer(), | 1701 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1876 OnPassphraseAccepted()); | 1702 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1877 EXPECT_CALL(*observer(), | |
1878 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1879 EXPECT_CALL(*observer(), | 1703 EXPECT_CALL(*observer(), |
1880 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1704 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1881 EXPECT_CALL(*observer(), | 1705 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1882 OnEncryptionComplete()); | |
1883 encryption_handler()->SetDecryptionPassphrase(kOldKey); | 1706 encryption_handler()->SetDecryptionPassphrase(kOldKey); |
1884 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1707 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1885 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1708 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1886 Mock::VerifyAndClearExpectations(observer()); | 1709 Mock::VerifyAndClearExpectations(observer()); |
1887 | 1710 |
1888 // Should get dropped on the floor silently. | 1711 // Should get dropped on the floor silently. |
1889 const char kNewKey[] = "new_key"; | 1712 const char kNewKey[] = "new_key"; |
1890 encryption_handler()->SetEncryptionPassphrase(kNewKey, false); | 1713 encryption_handler()->SetEncryptionPassphrase(kNewKey, false); |
1891 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1714 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1892 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1715 EXPECT_TRUE(GetCryptographer()->is_ready()); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1924 MigrateOnEncryptEverythingKeystorePassphrase) { | 1747 MigrateOnEncryptEverythingKeystorePassphrase) { |
1925 const char kCurKey[] = "cur"; | 1748 const char kCurKey[] = "cur"; |
1926 sync_pb::EncryptedData keystore_decryptor_token; | 1749 sync_pb::EncryptedData keystore_decryptor_token; |
1927 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1750 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1928 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1751 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1929 other_cryptographer.AddKey(cur_key); | 1752 other_cryptographer.AddKey(cur_key); |
1930 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1753 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1931 other_cryptographer.AddNonDefaultKey(keystore_key); | 1754 other_cryptographer.AddNonDefaultKey(keystore_key); |
1932 EXPECT_TRUE(other_cryptographer.is_ready()); | 1755 EXPECT_TRUE(other_cryptographer.is_ready()); |
1933 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 1756 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
1934 other_cryptographer, | 1757 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); |
1935 kKeystoreKey, | |
1936 &keystore_decryptor_token)); | |
1937 | 1758 |
1938 // Build a nigori node with the generated keystore decryptor token and | 1759 // Build a nigori node with the generated keystore decryptor token and |
1939 // initialize the encryption handler with it. The cryptographer will have | 1760 // initialize the encryption handler with it. The cryptographer will have |
1940 // pending keys until we provide the decryption passphrase. | 1761 // pending keys until we provide the decryption passphrase. |
1941 const int64_t migration_time = 1; | 1762 const int64_t migration_time = 1; |
1942 { | 1763 { |
1943 WriteTransaction trans(FROM_HERE, user_share()); | 1764 WriteTransaction trans(FROM_HERE, user_share()); |
1944 WriteNode nigori_node(&trans); | 1765 WriteNode nigori_node(&trans); |
1945 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1766 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1946 sync_pb::NigoriSpecifics nigori; | 1767 sync_pb::NigoriSpecifics nigori; |
1947 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1768 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1948 keystore_decryptor_token); | 1769 keystore_decryptor_token); |
1949 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1770 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1950 nigori.set_keybag_is_frozen(true); | 1771 nigori.set_keybag_is_frozen(true); |
1951 nigori.set_keystore_migration_time(migration_time); | 1772 nigori.set_keystore_migration_time(migration_time); |
1952 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1773 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1953 nigori_node.SetNigoriSpecifics(nigori); | 1774 nigori_node.SetNigoriSpecifics(nigori); |
1954 } | 1775 } |
1955 EXPECT_CALL(*observer(), | 1776 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1956 OnPassphraseRequired(_, _)); | 1777 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
1957 EXPECT_CALL(*observer(), | 1778 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1958 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1779 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1959 EXPECT_CALL(*observer(), | |
1960 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1961 EXPECT_CALL(*observer(), | |
1962 OnEncryptedTypesChanged(_, false)); | |
1963 encryption_handler()->Init(); | 1780 encryption_handler()->Init(); |
1964 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1781 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1965 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1782 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1966 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1783 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
1967 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1784 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1968 Mock::VerifyAndClearExpectations(observer()); | 1785 Mock::VerifyAndClearExpectations(observer()); |
1969 | 1786 |
1970 EXPECT_CALL(*observer(), | 1787 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1971 OnPassphraseAccepted()); | 1788 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1972 EXPECT_CALL(*observer(), | |
1973 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1974 std::string captured_bootstrap_token; | 1789 std::string captured_bootstrap_token; |
1975 EXPECT_CALL(*observer(), | 1790 EXPECT_CALL(*observer(), |
1976 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 1791 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
1977 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 1792 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
1978 EXPECT_CALL(*observer(), | 1793 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1979 OnEncryptionComplete()); | |
1980 encryption_handler()->SetDecryptionPassphrase(kCurKey); | 1794 encryption_handler()->SetDecryptionPassphrase(kCurKey); |
1981 Mock::VerifyAndClearExpectations(observer()); | 1795 Mock::VerifyAndClearExpectations(observer()); |
1982 | 1796 |
1983 EXPECT_CALL(*observer(), | 1797 EXPECT_CALL(*observer(), |
1984 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); | 1798 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); |
1985 EXPECT_CALL(*observer(), | 1799 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1986 OnEncryptionComplete()); | 1800 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1987 EXPECT_CALL(*observer(), | |
1988 OnEncryptedTypesChanged(_, true)); | |
1989 SyncEncryptionHandler::NigoriState captured_nigori_state; | 1801 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1990 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 1802 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1991 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 1803 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1992 EXPECT_CALL(*observer(), | 1804 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1993 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
1994 encryption_handler()->EnableEncryptEverything(); | 1805 encryption_handler()->EnableEncryptEverything(); |
1995 Mock::VerifyAndClearExpectations(observer()); | 1806 Mock::VerifyAndClearExpectations(observer()); |
1996 | 1807 |
1997 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1808 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1998 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1809 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1999 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, | 1810 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, |
2000 encryption_handler()->GetPassphraseType()); | 1811 encryption_handler()->GetPassphraseType()); |
2001 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1812 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
2002 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey); | 1813 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey); |
2003 | 1814 |
(...skipping 11 matching lines...) Expand all Loading... |
2015 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1826 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
2016 | 1827 |
2017 VerifyRestoreAfterCustomPassphrase( | 1828 VerifyRestoreAfterCustomPassphrase( |
2018 migration_time, kCurKey, captured_bootstrap_token, captured_nigori_state, | 1829 migration_time, kCurKey, captured_bootstrap_token, captured_nigori_state, |
2019 FROZEN_IMPLICIT_PASSPHRASE); | 1830 FROZEN_IMPLICIT_PASSPHRASE); |
2020 } | 1831 } |
2021 | 1832 |
2022 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but | 1833 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but |
2023 // using an old default key (i.e. old GAIA password), we should overwrite the | 1834 // using an old default key (i.e. old GAIA password), we should overwrite the |
2024 // nigori, updating the keybag and keystore decryptor. | 1835 // nigori, updating the keybag and keystore decryptor. |
2025 TEST_F(SyncEncryptionHandlerImplTest, | 1836 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriWithOldPassphrase) { |
2026 ReceiveMigratedNigoriWithOldPassphrase) { | |
2027 const char kOldKey[] = "old"; | 1837 const char kOldKey[] = "old"; |
2028 const char kCurKey[] = "cur"; | 1838 const char kCurKey[] = "cur"; |
2029 sync_pb::EncryptedData encrypted; | 1839 sync_pb::EncryptedData encrypted; |
2030 KeyParams old_key = {"localhost", "dummy", kOldKey}; | 1840 KeyParams old_key = {"localhost", "dummy", kOldKey}; |
2031 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1841 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
2032 GetCryptographer()->AddKey(old_key); | 1842 GetCryptographer()->AddKey(old_key); |
2033 GetCryptographer()->AddKey(cur_key); | 1843 GetCryptographer()->AddKey(cur_key); |
2034 | 1844 |
2035 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1845 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
2036 other_cryptographer.AddKey(old_key); | 1846 other_cryptographer.AddKey(old_key); |
2037 EXPECT_TRUE(other_cryptographer.is_ready()); | 1847 EXPECT_TRUE(other_cryptographer.is_ready()); |
2038 | 1848 |
2039 EXPECT_CALL(*observer(), | 1849 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2040 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1850 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
2041 EXPECT_CALL(*observer(), | 1851 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
2042 OnEncryptedTypesChanged(_, false)); | |
2043 EXPECT_CALL(*observer(), | |
2044 OnEncryptionComplete()); | |
2045 encryption_handler()->Init(); | 1852 encryption_handler()->Init(); |
2046 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1853 EXPECT_TRUE(GetCryptographer()->is_ready()); |
2047 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1854 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
2048 | 1855 |
2049 { | 1856 { |
2050 EXPECT_CALL(*observer(), | 1857 EXPECT_CALL(*observer(), |
2051 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1858 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2052 ReadTransaction trans(FROM_HERE, user_share()); | 1859 ReadTransaction trans(FROM_HERE, user_share()); |
2053 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1860 encryption_handler()->SetKeystoreKeys( |
2054 kRawKeystoreKey), | 1861 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
2055 trans.GetWrappedTrans()); | |
2056 } | 1862 } |
2057 EXPECT_CALL(*observer(), | 1863 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
2058 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | |
2059 PumpLoop(); | 1864 PumpLoop(); |
2060 Mock::VerifyAndClearExpectations(observer()); | 1865 Mock::VerifyAndClearExpectations(observer()); |
2061 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1866 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2062 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1867 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
2063 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); | 1868 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); |
2064 | 1869 |
2065 // Now build an old keystore passphrase nigori node. | 1870 // Now build an old keystore passphrase nigori node. |
2066 EXPECT_CALL(*observer(), | 1871 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2067 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
2068 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1872 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
2069 { | 1873 { |
2070 WriteTransaction trans(FROM_HERE, user_share()); | 1874 WriteTransaction trans(FROM_HERE, user_share()); |
2071 WriteNode nigori_node(&trans); | 1875 WriteNode nigori_node(&trans); |
2072 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1876 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
2073 sync_pb::NigoriSpecifics nigori; | 1877 sync_pb::NigoriSpecifics nigori; |
2074 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1878 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
2075 other_cryptographer.AddKey(old_key); | 1879 other_cryptographer.AddKey(old_key); |
2076 encryption_handler()->GetKeystoreDecryptor( | 1880 encryption_handler()->GetKeystoreDecryptor( |
2077 other_cryptographer, | 1881 other_cryptographer, kKeystoreKey, |
2078 kKeystoreKey, | |
2079 nigori.mutable_keystore_decryptor_token()); | 1882 nigori.mutable_keystore_decryptor_token()); |
2080 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1883 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
2081 nigori.set_keybag_is_frozen(true); | 1884 nigori.set_keybag_is_frozen(true); |
2082 nigori.set_encrypt_everything(false); | 1885 nigori.set_encrypt_everything(false); |
2083 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1886 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
2084 nigori.set_keystore_migration_time(1); | 1887 nigori.set_keystore_migration_time(1); |
2085 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1888 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
2086 nigori_node.SetNigoriSpecifics(nigori); | 1889 nigori_node.SetNigoriSpecifics(nigori); |
2087 } | 1890 } |
2088 PumpLoop(); | 1891 PumpLoop(); |
(...skipping 16 matching lines...) Expand all Loading... |
2105 SetUpEncryption(); | 1908 SetUpEncryption(); |
2106 | 1909 |
2107 const char kOldGaiaKey[] = "old_gaia_key"; | 1910 const char kOldGaiaKey[] = "old_gaia_key"; |
2108 const char kRawOldKeystoreKey[] = "old_keystore_key"; | 1911 const char kRawOldKeystoreKey[] = "old_keystore_key"; |
2109 std::string old_keystore_key; | 1912 std::string old_keystore_key; |
2110 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); | 1913 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); |
2111 { | 1914 { |
2112 ReadTransaction trans(FROM_HERE, user_share()); | 1915 ReadTransaction trans(FROM_HERE, user_share()); |
2113 EXPECT_CALL(*observer(), | 1916 EXPECT_CALL(*observer(), |
2114 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1917 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2115 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1918 encryption_handler()->SetKeystoreKeys( |
2116 kRawOldKeystoreKey), | 1919 BuildEncryptionKeyProto(kRawOldKeystoreKey), trans.GetWrappedTrans()); |
2117 trans.GetWrappedTrans()); | |
2118 } | 1920 } |
2119 PumpLoop(); | 1921 PumpLoop(); |
2120 Mock::VerifyAndClearExpectations(observer()); | 1922 Mock::VerifyAndClearExpectations(observer()); |
2121 | 1923 |
2122 // Then init the nigori node with a backwards compatible set of keys. | 1924 // Then init the nigori node with a backwards compatible set of keys. |
2123 CreateRootForType(NIGORI); | 1925 CreateRootForType(NIGORI); |
2124 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1926 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2125 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key); | 1927 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key); |
2126 | 1928 |
2127 // Now set some new keystore keys. | 1929 // Now set some new keystore keys. |
2128 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1930 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2129 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1931 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
2130 { | 1932 { |
2131 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 1933 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2132 keys.Add()->assign(kRawOldKeystoreKey); | 1934 keys.Add()->assign(kRawOldKeystoreKey); |
2133 keys.Add()->assign(kRawKeystoreKey); | 1935 keys.Add()->assign(kRawKeystoreKey); |
2134 EXPECT_CALL(*observer(), | 1936 EXPECT_CALL(*observer(), |
2135 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1937 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2136 ReadTransaction trans(FROM_HERE, user_share()); | 1938 ReadTransaction trans(FROM_HERE, user_share()); |
2137 encryption_handler()->SetKeystoreKeys(keys, | 1939 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2138 trans.GetWrappedTrans()); | |
2139 } | 1940 } |
2140 // Pump for any posted tasks. | 1941 // Pump for any posted tasks. |
2141 PumpLoop(); | 1942 PumpLoop(); |
2142 Mock::VerifyAndClearExpectations(observer()); | 1943 Mock::VerifyAndClearExpectations(observer()); |
2143 | 1944 |
2144 // Verify we're still migrated and have proper encryption state. We should | 1945 // Verify we're still migrated and have proper encryption state. We should |
2145 // have rotated the keybag so that it's now encrypted with the newest keystore | 1946 // have rotated the keybag so that it's now encrypted with the newest keystore |
2146 // key (instead of the old gaia key). | 1947 // key (instead of the old gaia key). |
2147 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1948 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2148 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1949 EXPECT_TRUE(GetCryptographer()->is_ready()); |
(...skipping 10 matching lines...) Expand all Loading... |
2159 test_user_share_.SetUp(); | 1960 test_user_share_.SetUp(); |
2160 SetUpEncryption(); | 1961 SetUpEncryption(); |
2161 | 1962 |
2162 const char kRawOldKeystoreKey[] = "old_keystore_key"; | 1963 const char kRawOldKeystoreKey[] = "old_keystore_key"; |
2163 std::string old_keystore_key; | 1964 std::string old_keystore_key; |
2164 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); | 1965 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); |
2165 { | 1966 { |
2166 ReadTransaction trans(FROM_HERE, user_share()); | 1967 ReadTransaction trans(FROM_HERE, user_share()); |
2167 EXPECT_CALL(*observer(), | 1968 EXPECT_CALL(*observer(), |
2168 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1969 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2169 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 1970 encryption_handler()->SetKeystoreKeys( |
2170 kRawOldKeystoreKey), | 1971 BuildEncryptionKeyProto(kRawOldKeystoreKey), trans.GetWrappedTrans()); |
2171 trans.GetWrappedTrans()); | |
2172 } | 1972 } |
2173 PumpLoop(); | 1973 PumpLoop(); |
2174 Mock::VerifyAndClearExpectations(observer()); | 1974 Mock::VerifyAndClearExpectations(observer()); |
2175 | 1975 |
2176 // Then init the nigori node with a non-backwards compatible set of keys. | 1976 // Then init the nigori node with a non-backwards compatible set of keys. |
2177 CreateRootForType(NIGORI); | 1977 CreateRootForType(NIGORI); |
2178 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1978 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2179 InitKeystoreMigratedNigori(1, old_keystore_key, old_keystore_key); | 1979 InitKeystoreMigratedNigori(1, old_keystore_key, old_keystore_key); |
2180 | 1980 |
2181 // Now set some new keystore keys. | 1981 // Now set some new keystore keys. |
2182 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1982 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2183 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1983 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
2184 { | 1984 { |
2185 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 1985 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2186 keys.Add()->assign(kRawOldKeystoreKey); | 1986 keys.Add()->assign(kRawOldKeystoreKey); |
2187 keys.Add()->assign(kRawKeystoreKey); | 1987 keys.Add()->assign(kRawKeystoreKey); |
2188 EXPECT_CALL(*observer(), | 1988 EXPECT_CALL(*observer(), |
2189 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1989 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2190 ReadTransaction trans(FROM_HERE, user_share()); | 1990 ReadTransaction trans(FROM_HERE, user_share()); |
2191 encryption_handler()->SetKeystoreKeys(keys, | 1991 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2192 trans.GetWrappedTrans()); | |
2193 } | 1992 } |
2194 // Pump for any posted tasks. | 1993 // Pump for any posted tasks. |
2195 PumpLoop(); | 1994 PumpLoop(); |
2196 Mock::VerifyAndClearExpectations(observer()); | 1995 Mock::VerifyAndClearExpectations(observer()); |
2197 | 1996 |
2198 // Verify we're still migrated and have proper encryption state. We should | 1997 // Verify we're still migrated and have proper encryption state. We should |
2199 // have rotated the keybag so that it's now encrypted with the newest keystore | 1998 // have rotated the keybag so that it's now encrypted with the newest keystore |
2200 // key (instead of the old gaia key). | 1999 // key (instead of the old gaia key). |
2201 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 2000 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2202 EXPECT_TRUE(GetCryptographer()->is_ready()); | 2001 EXPECT_TRUE(GetCryptographer()->is_ready()); |
(...skipping 11 matching lines...) Expand all Loading... |
2214 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE); | 2013 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE); |
2215 | 2014 |
2216 { | 2015 { |
2217 // Pass multiple keystore keys, signaling a rotation has happened. | 2016 // Pass multiple keystore keys, signaling a rotation has happened. |
2218 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2017 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2219 keys.Add()->assign(kRawOldKeystoreKey); | 2018 keys.Add()->assign(kRawOldKeystoreKey); |
2220 keys.Add()->assign(kRawKeystoreKey); | 2019 keys.Add()->assign(kRawKeystoreKey); |
2221 ReadTransaction trans(FROM_HERE, user_share()); | 2020 ReadTransaction trans(FROM_HERE, user_share()); |
2222 EXPECT_CALL(*observer(), | 2021 EXPECT_CALL(*observer(), |
2223 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2022 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2224 encryption_handler()->SetKeystoreKeys(keys, | 2023 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2225 trans.GetWrappedTrans()); | |
2226 } | 2024 } |
2227 PumpLoop(); | 2025 PumpLoop(); |
2228 Mock::VerifyAndClearExpectations(observer()); | 2026 Mock::VerifyAndClearExpectations(observer()); |
2229 | 2027 |
2230 // Resolve the pending keys. This should trigger the key rotation. | 2028 // Resolve the pending keys. This should trigger the key rotation. |
2231 EXPECT_CALL(*observer(), | 2029 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2232 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2030 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2233 EXPECT_CALL(*observer(), | 2031 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
2234 OnPassphraseAccepted()); | |
2235 EXPECT_CALL(*observer(), | |
2236 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | |
2237 EXPECT_CALL(*observer(), | 2032 EXPECT_CALL(*observer(), |
2238 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 2033 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
2239 EXPECT_CALL(*observer(), | 2034 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); |
2240 OnEncryptionComplete()).Times(AtLeast(1)); | |
2241 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 2035 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
2242 encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey); | 2036 encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey); |
2243 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 2037 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2244 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 2038 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); |
2245 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 2039 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); |
2246 } | 2040 } |
2247 | 2041 |
2248 // When signing in for the first time, make sure we can rotate keys if we | 2042 // When signing in for the first time, make sure we can rotate keys if we |
2249 // already have a keystore migrated nigori. | 2043 // already have a keystore migrated nigori. |
2250 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) { | 2044 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) { |
2251 // Destroy the existing nigori node so we init without a nigori node. | 2045 // Destroy the existing nigori node so we init without a nigori node. |
2252 TearDown(); | 2046 TearDown(); |
2253 test_user_share_.SetUp(); | 2047 test_user_share_.SetUp(); |
2254 SetUpEncryption(); | 2048 SetUpEncryption(); |
2255 | 2049 |
2256 const char kOldGaiaKey[] = "old_gaia_key"; | 2050 const char kOldGaiaKey[] = "old_gaia_key"; |
2257 const char kRawOldKeystoreKey[] = "old_keystore_key"; | 2051 const char kRawOldKeystoreKey[] = "old_keystore_key"; |
2258 std::string old_keystore_key; | 2052 std::string old_keystore_key; |
2259 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); | 2053 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); |
2260 | 2054 |
2261 // Set two keys, signaling that a rotation has been performed. No nigori | 2055 // Set two keys, signaling that a rotation has been performed. No nigori |
2262 // node is present yet, so we can't rotate. | 2056 // node is present yet, so we can't rotate. |
2263 { | 2057 { |
2264 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2058 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2265 keys.Add()->assign(kRawOldKeystoreKey); | 2059 keys.Add()->assign(kRawOldKeystoreKey); |
2266 keys.Add()->assign(kRawKeystoreKey); | 2060 keys.Add()->assign(kRawKeystoreKey); |
2267 EXPECT_CALL(*observer(), | 2061 EXPECT_CALL(*observer(), |
2268 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2062 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2269 ReadTransaction trans(FROM_HERE, user_share()); | 2063 ReadTransaction trans(FROM_HERE, user_share()); |
2270 encryption_handler()->SetKeystoreKeys(keys, | 2064 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2271 trans.GetWrappedTrans()); | |
2272 } | 2065 } |
2273 | 2066 |
2274 // Then init the nigori node with an old set of keys. | 2067 // Then init the nigori node with an old set of keys. |
2275 CreateRootForType(NIGORI); | 2068 CreateRootForType(NIGORI); |
2276 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 2069 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2277 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key); | 2070 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key); |
2278 PumpLoop(); | 2071 PumpLoop(); |
2279 Mock::VerifyAndClearExpectations(observer()); | 2072 Mock::VerifyAndClearExpectations(observer()); |
2280 | 2073 |
2281 // Verify we're still migrated and have proper encryption state. We should | 2074 // Verify we're still migrated and have proper encryption state. We should |
(...skipping 18 matching lines...) Expand all Loading... |
2300 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE); | 2093 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE); |
2301 | 2094 |
2302 { | 2095 { |
2303 // Pass multiple keystore keys, signaling a rotation has happened. | 2096 // Pass multiple keystore keys, signaling a rotation has happened. |
2304 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2097 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2305 keys.Add()->assign(kRawOldKeystoreKey); | 2098 keys.Add()->assign(kRawOldKeystoreKey); |
2306 keys.Add()->assign(kRawKeystoreKey); | 2099 keys.Add()->assign(kRawKeystoreKey); |
2307 ReadTransaction trans(FROM_HERE, user_share()); | 2100 ReadTransaction trans(FROM_HERE, user_share()); |
2308 EXPECT_CALL(*observer(), | 2101 EXPECT_CALL(*observer(), |
2309 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2102 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2310 encryption_handler()->SetKeystoreKeys(keys, | 2103 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2311 trans.GetWrappedTrans()); | |
2312 } | 2104 } |
2313 PumpLoop(); | 2105 PumpLoop(); |
2314 Mock::VerifyAndClearExpectations(observer()); | 2106 Mock::VerifyAndClearExpectations(observer()); |
2315 | 2107 |
2316 // Now simulate downloading a nigori node that was migrated before the | 2108 // Now simulate downloading a nigori node that was migrated before the |
2317 // keys were rotated, and hence still encrypt with the old gaia key. | 2109 // keys were rotated, and hence still encrypt with the old gaia key. |
2318 EXPECT_CALL(*observer(), | 2110 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2319 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2111 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2320 EXPECT_CALL(*observer(), | 2112 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
2321 OnPassphraseAccepted()); | |
2322 EXPECT_CALL(*observer(), | |
2323 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | |
2324 EXPECT_CALL(*observer(), | 2113 EXPECT_CALL(*observer(), |
2325 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 2114 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
2326 EXPECT_CALL(*observer(), | 2115 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); |
2327 OnEncryptionComplete()).Times(AtLeast(1)); | |
2328 { | 2116 { |
2329 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( | 2117 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( |
2330 KEYSTORE_PASSPHRASE, | 2118 KEYSTORE_PASSPHRASE, 1, kOldGaiaKey, old_keystore_key); |
2331 1, | |
2332 kOldGaiaKey, | |
2333 old_keystore_key); | |
2334 // Update the encryption handler. | 2119 // Update the encryption handler. |
2335 WriteTransaction trans(FROM_HERE, user_share()); | 2120 WriteTransaction trans(FROM_HERE, user_share()); |
2336 encryption_handler()->ApplyNigoriUpdate( | 2121 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
2337 nigori, | |
2338 trans.GetWrappedTrans()); | |
2339 } | 2122 } |
2340 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 2123 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
2341 PumpLoop(); | 2124 PumpLoop(); |
2342 | 2125 |
2343 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 2126 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2344 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 2127 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); |
2345 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 2128 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); |
2346 } | 2129 } |
2347 | 2130 |
2348 // Verify that performing a migration while having more than one keystore key | 2131 // Verify that performing a migration while having more than one keystore key |
2349 // preserves a custom passphrase. | 2132 // preserves a custom passphrase. |
2350 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) { | 2133 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) { |
2351 const char kCustomPass[] = "custom_passphrase"; | 2134 const char kCustomPass[] = "custom_passphrase"; |
2352 const char kRawOldKeystoreKey[] = "old_keystore_key"; | 2135 const char kRawOldKeystoreKey[] = "old_keystore_key"; |
2353 | 2136 |
2354 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 2137 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
2355 InitUnmigratedNigori(kCustomPass, CUSTOM_PASSPHRASE); | 2138 InitUnmigratedNigori(kCustomPass, CUSTOM_PASSPHRASE); |
2356 | 2139 |
2357 { | 2140 { |
2358 // Pass multiple keystore keys, signaling a rotation has happened. | 2141 // Pass multiple keystore keys, signaling a rotation has happened. |
2359 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2142 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2360 keys.Add()->assign(kRawOldKeystoreKey); | 2143 keys.Add()->assign(kRawOldKeystoreKey); |
2361 keys.Add()->assign(kRawKeystoreKey); | 2144 keys.Add()->assign(kRawKeystoreKey); |
2362 ReadTransaction trans(FROM_HERE, user_share()); | 2145 ReadTransaction trans(FROM_HERE, user_share()); |
2363 EXPECT_CALL(*observer(), | 2146 EXPECT_CALL(*observer(), |
2364 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2147 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2365 encryption_handler()->SetKeystoreKeys(keys, | 2148 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2366 trans.GetWrappedTrans()); | |
2367 } | 2149 } |
2368 PumpLoop(); | 2150 PumpLoop(); |
2369 Mock::VerifyAndClearExpectations(observer()); | 2151 Mock::VerifyAndClearExpectations(observer()); |
2370 | 2152 |
2371 // Pass the decryption passphrase. This will also trigger the migration, | 2153 // Pass the decryption passphrase. This will also trigger the migration, |
2372 // but should not overwrite the default key. | 2154 // but should not overwrite the default key. |
2373 EXPECT_CALL(*observer(), | 2155 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2374 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2156 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2375 EXPECT_CALL(*observer(), | 2157 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
2376 OnPassphraseAccepted()); | |
2377 EXPECT_CALL(*observer(), | |
2378 OnEncryptedTypesChanged(_, true)); | |
2379 SyncEncryptionHandler::NigoriState captured_nigori_state; | 2158 SyncEncryptionHandler::NigoriState captured_nigori_state; |
2380 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 2159 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
2381 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 2160 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
2382 EXPECT_CALL(*observer(), | 2161 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AnyNumber()); |
2383 OnEncryptionComplete()).Times(AnyNumber()); | |
2384 std::string captured_bootstrap_token; | 2162 std::string captured_bootstrap_token; |
2385 EXPECT_CALL(*observer(), | 2163 EXPECT_CALL(*observer(), |
2386 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 2164 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
2387 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 2165 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
2388 encryption_handler()->SetDecryptionPassphrase(kCustomPass); | 2166 encryption_handler()->SetDecryptionPassphrase(kCustomPass); |
2389 Mock::VerifyAndClearExpectations(observer()); | 2167 Mock::VerifyAndClearExpectations(observer()); |
2390 | 2168 |
2391 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCustomPass); | 2169 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCustomPass); |
2392 | 2170 |
2393 const base::Time migration_time = encryption_handler()->migration_time(); | 2171 const base::Time migration_time = encryption_handler()->migration_time(); |
(...skipping 18 matching lines...) Expand all Loading... |
2412 | 2190 |
2413 SyncEncryptionHandler::NigoriState captured_nigori_state; | 2191 SyncEncryptionHandler::NigoriState captured_nigori_state; |
2414 { | 2192 { |
2415 // Pass multiple keystore keys, signaling a rotation has happened. | 2193 // Pass multiple keystore keys, signaling a rotation has happened. |
2416 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2194 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2417 keys.Add()->assign(kRawOldKeystoreKey); | 2195 keys.Add()->assign(kRawOldKeystoreKey); |
2418 keys.Add()->assign(kRawKeystoreKey); | 2196 keys.Add()->assign(kRawKeystoreKey); |
2419 ReadTransaction trans(FROM_HERE, user_share()); | 2197 ReadTransaction trans(FROM_HERE, user_share()); |
2420 EXPECT_CALL(*observer(), | 2198 EXPECT_CALL(*observer(), |
2421 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2199 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2422 EXPECT_CALL(*observer(), | 2200 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2423 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
2424 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 2201 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
2425 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 2202 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
2426 encryption_handler()->SetKeystoreKeys(keys, | 2203 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2427 trans.GetWrappedTrans()); | |
2428 } | 2204 } |
2429 PumpLoop(); | 2205 PumpLoop(); |
2430 Mock::VerifyAndClearExpectations(observer()); | 2206 Mock::VerifyAndClearExpectations(observer()); |
2431 | 2207 |
2432 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, | 2208 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, |
2433 kCustomPass); | 2209 kCustomPass); |
2434 | 2210 |
2435 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, | 2211 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, |
2436 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked | 2212 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked |
2437 // during a previous instance) so get it from the Cryptographer. | 2213 // during a previous instance) so get it from the Cryptographer. |
2438 std::string passphrase_bootstrap_token; | 2214 std::string passphrase_bootstrap_token; |
2439 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); | 2215 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); |
2440 VerifyRestoreAfterCustomPassphrase(migration_time, kCustomPass, | 2216 VerifyRestoreAfterCustomPassphrase(migration_time, kCustomPass, |
2441 passphrase_bootstrap_token, | 2217 passphrase_bootstrap_token, |
2442 captured_nigori_state, CUSTOM_PASSPHRASE); | 2218 captured_nigori_state, CUSTOM_PASSPHRASE); |
2443 } | 2219 } |
2444 | 2220 |
2445 // Verify that the client can gracefully handle a nigori node that is missing | 2221 // Verify that the client can gracefully handle a nigori node that is missing |
2446 // the keystore migration time field. | 2222 // the keystore migration time field. |
2447 TEST_F(SyncEncryptionHandlerImplTest, MissingKeystoreMigrationTime) { | 2223 TEST_F(SyncEncryptionHandlerImplTest, MissingKeystoreMigrationTime) { |
2448 EXPECT_CALL(*observer(), | 2224 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2449 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2225 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
2450 EXPECT_CALL(*observer(), | 2226 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
2451 OnPassphraseRequired(_, _)); | |
2452 EXPECT_CALL(*observer(), | |
2453 OnEncryptedTypesChanged(_, false)); | |
2454 encryption_handler()->Init(); | 2227 encryption_handler()->Init(); |
2455 Mock::VerifyAndClearExpectations(observer()); | 2228 Mock::VerifyAndClearExpectations(observer()); |
2456 | 2229 |
2457 // Now simulate downloading a nigori node that that is missing the keystore | 2230 // Now simulate downloading a nigori node that that is missing the keystore |
2458 // migration time. It should be interpreted properly, and the passphrase type | 2231 // migration time. It should be interpreted properly, and the passphrase type |
2459 // should switch to keystore passphrase. | 2232 // should switch to keystore passphrase. |
2460 EXPECT_CALL(*observer(), | 2233 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2461 OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2234 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
2462 EXPECT_CALL(*observer(), | 2235 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); |
2463 OnPassphraseRequired(_, _)); | |
2464 EXPECT_CALL(*observer(), | |
2465 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | |
2466 { | 2236 { |
2467 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( | 2237 sync_pb::NigoriSpecifics nigori = |
2468 KEYSTORE_PASSPHRASE, | 2238 BuildMigratedNigori(KEYSTORE_PASSPHRASE, 1, kKeystoreKey, kKeystoreKey); |
2469 1, | |
2470 kKeystoreKey, | |
2471 kKeystoreKey); | |
2472 nigori.clear_keystore_migration_time(); | 2239 nigori.clear_keystore_migration_time(); |
2473 // Update the encryption handler. | 2240 // Update the encryption handler. |
2474 WriteTransaction trans(FROM_HERE, user_share()); | 2241 WriteTransaction trans(FROM_HERE, user_share()); |
2475 encryption_handler()->ApplyNigoriUpdate( | 2242 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
2476 nigori, | |
2477 trans.GetWrappedTrans()); | |
2478 } | 2243 } |
2479 Mock::VerifyAndClearExpectations(observer()); | 2244 Mock::VerifyAndClearExpectations(observer()); |
2480 | 2245 |
2481 // Now provide the keystore key to fully initialize the cryptographer. | 2246 // Now provide the keystore key to fully initialize the cryptographer. |
2482 EXPECT_CALL(*observer(), | 2247 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2483 OnCryptographerStateChanged(_)).Times(AnyNumber()); | |
2484 EXPECT_CALL(*observer(), | 2248 EXPECT_CALL(*observer(), |
2485 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2249 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2486 { | 2250 { |
2487 ReadTransaction trans(FROM_HERE, user_share()); | 2251 ReadTransaction trans(FROM_HERE, user_share()); |
2488 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( | 2252 encryption_handler()->SetKeystoreKeys( |
2489 kRawKeystoreKey), | 2253 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
2490 trans.GetWrappedTrans()); | |
2491 } | 2254 } |
2492 } | 2255 } |
2493 | 2256 |
2494 } // namespace syncer | 2257 } // namespace syncer |
OLD | NEW |