Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(151)

Unified Diff: sync/syncable/nigori_util.cc

Issue 2130453004: [Sync] Move //sync to //components/sync. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase. Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sync/syncable/nigori_util.h ('k') | sync/syncable/nigori_util_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sync/syncable/nigori_util.cc
diff --git a/sync/syncable/nigori_util.cc b/sync/syncable/nigori_util.cc
deleted file mode 100644
index 2016a7ac9896401620d3471128cd9e43aae91eb0..0000000000000000000000000000000000000000
--- a/sync/syncable/nigori_util.cc
+++ /dev/null
@@ -1,332 +0,0 @@
-// Copyright 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sync/syncable/nigori_util.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <queue>
-#include <string>
-#include <vector>
-
-#include "base/json/json_writer.h"
-#include "sync/syncable/directory.h"
-#include "sync/syncable/entry.h"
-#include "sync/syncable/mutable_entry.h"
-#include "sync/syncable/nigori_handler.h"
-#include "sync/syncable/syncable_util.h"
-#include "sync/syncable/syncable_write_transaction.h"
-#include "sync/util/cryptographer.h"
-
-namespace syncer {
-namespace syncable {
-
-bool ProcessUnsyncedChangesForEncryption(
- WriteTransaction* const trans) {
- NigoriHandler* nigori_handler = trans->directory()->GetNigoriHandler();
- ModelTypeSet encrypted_types = nigori_handler->GetEncryptedTypes(trans);
- Cryptographer* cryptographer = trans->directory()->GetCryptographer(trans);
- DCHECK(cryptographer->is_ready());
-
- // Get list of all datatypes with unsynced changes. It's possible that our
- // local changes need to be encrypted if encryption for that datatype was
- // just turned on (and vice versa).
- // Note: we do not attempt to re-encrypt data with a new key here as key
- // changes in this code path are likely due to consistency issues (we have
- // to be updated to a key we already have, e.g. an old key).
- std::vector<int64_t> handles;
- GetUnsyncedEntries(trans, &handles);
- for (size_t i = 0; i < handles.size(); ++i) {
- MutableEntry entry(trans, GET_BY_HANDLE, handles[i]);
- const sync_pb::EntitySpecifics& specifics = entry.GetSpecifics();
- // Ignore types that don't need encryption or entries that are already
- // encrypted.
- if (!SpecificsNeedsEncryption(encrypted_types, specifics))
- continue;
- if (!UpdateEntryWithEncryption(trans, specifics, &entry))
- return false;
- }
- return true;
-}
-
-bool VerifyUnsyncedChangesAreEncrypted(
- BaseTransaction* const trans,
- ModelTypeSet encrypted_types) {
- std::vector<int64_t> handles;
- GetUnsyncedEntries(trans, &handles);
- for (size_t i = 0; i < handles.size(); ++i) {
- Entry entry(trans, GET_BY_HANDLE, handles[i]);
- if (!entry.good()) {
- NOTREACHED();
- return false;
- }
- if (EntryNeedsEncryption(encrypted_types, entry))
- return false;
- }
- return true;
-}
-
-bool EntryNeedsEncryption(ModelTypeSet encrypted_types,
- const Entry& entry) {
- if (!entry.GetUniqueServerTag().empty())
- return false; // We don't encrypt unique server nodes.
- ModelType type = entry.GetModelType();
- if (type == PASSWORDS || IsControlType(type))
- return false;
- // Checking NON_UNIQUE_NAME is not necessary for the correctness of encrypting
- // the data, nor for determining if data is encrypted. We simply ensure it has
- // been overwritten to avoid any possible leaks of sensitive data.
- return SpecificsNeedsEncryption(encrypted_types, entry.GetSpecifics()) ||
- (encrypted_types.Has(type) &&
- entry.GetNonUniqueName() != kEncryptedString);
-}
-
-bool SpecificsNeedsEncryption(ModelTypeSet encrypted_types,
- const sync_pb::EntitySpecifics& specifics) {
- const ModelType type = GetModelTypeFromSpecifics(specifics);
- if (type == PASSWORDS || IsControlType(type))
- return false; // These types have their own encryption schemes.
- if (!encrypted_types.Has(type))
- return false; // This type does not require encryption
- return !specifics.has_encrypted();
-}
-
-// Mainly for testing.
-bool VerifyDataTypeEncryptionForTest(
- BaseTransaction* const trans,
- ModelType type,
- bool is_encrypted) {
- Cryptographer* cryptographer = trans->directory()->GetCryptographer(trans);
- if (type == PASSWORDS || IsControlType(type)) {
- NOTREACHED();
- return true;
- }
- Entry type_root(trans, GET_TYPE_ROOT, type);
- if (!type_root.good()) {
- NOTREACHED();
- return false;
- }
-
- std::queue<Id> to_visit;
- Id id_string = type_root.GetFirstChildId();
- to_visit.push(id_string);
- while (!to_visit.empty()) {
- id_string = to_visit.front();
- to_visit.pop();
- if (id_string.IsNull())
- continue;
-
- Entry child(trans, GET_BY_ID, id_string);
- if (!child.good()) {
- NOTREACHED();
- return false;
- }
- if (child.GetIsDir()) {
- Id child_id_string = child.GetFirstChildId();
- // Traverse the children.
- to_visit.push(child_id_string);
- }
- const sync_pb::EntitySpecifics& specifics = child.GetSpecifics();
- DCHECK_EQ(type, child.GetModelType());
- DCHECK_EQ(type, GetModelTypeFromSpecifics(specifics));
- // We don't encrypt the server's permanent items.
- if (child.GetUniqueServerTag().empty()) {
- if (specifics.has_encrypted() != is_encrypted)
- return false;
- if (specifics.has_encrypted()) {
- if (child.GetNonUniqueName() != kEncryptedString)
- return false;
- if (!cryptographer->CanDecryptUsingDefaultKey(specifics.encrypted()))
- return false;
- }
- }
- // Push the successor.
- to_visit.push(child.GetSuccessorId());
- }
- return true;
-}
-
-bool UpdateEntryWithEncryption(
- BaseTransaction* const trans,
- const sync_pb::EntitySpecifics& new_specifics,
- syncable::MutableEntry* entry) {
- NigoriHandler* nigori_handler = trans->directory()->GetNigoriHandler();
- Cryptographer* cryptographer = trans->directory()->GetCryptographer(trans);
- ModelType type = GetModelTypeFromSpecifics(new_specifics);
- DCHECK_GE(type, FIRST_REAL_MODEL_TYPE);
- const sync_pb::EntitySpecifics& old_specifics = entry->GetSpecifics();
- const ModelTypeSet encrypted_types =
- nigori_handler?
- nigori_handler->GetEncryptedTypes(trans) : ModelTypeSet();
- // It's possible the nigori lost the set of encrypted types. If the current
- // specifics are already encrypted, we want to ensure we continue encrypting.
- bool was_encrypted = old_specifics.has_encrypted();
- sync_pb::EntitySpecifics generated_specifics;
- if (new_specifics.has_encrypted()) {
- NOTREACHED() << "New specifics already has an encrypted blob.";
- return false;
- }
- if ((!SpecificsNeedsEncryption(encrypted_types, new_specifics) &&
- !was_encrypted) ||
- !cryptographer || !cryptographer->is_initialized()) {
- // No encryption required or we are unable to encrypt.
- generated_specifics.CopyFrom(new_specifics);
- } else {
- // Encrypt new_specifics into generated_specifics.
- if (VLOG_IS_ON(2)) {
- std::unique_ptr<base::DictionaryValue> value(entry->ToValue(NULL));
- std::string info;
- base::JSONWriter::WriteWithOptions(
- *value, base::JSONWriter::OPTIONS_PRETTY_PRINT, &info);
- DVLOG(2) << "Encrypting specifics of type "
- << ModelTypeToString(type)
- << " with content: "
- << info;
- }
- // Only copy over the old specifics if it is of the right type and already
- // encrypted. The first time we encrypt a node we start from scratch, hence
- // removing all the unencrypted data, but from then on we only want to
- // update the node if the data changes or the encryption key changes.
- if (GetModelTypeFromSpecifics(old_specifics) == type &&
- was_encrypted) {
- generated_specifics.CopyFrom(old_specifics);
- } else {
- AddDefaultFieldValue(type, &generated_specifics);
- }
- // Does not change anything if underlying encrypted blob was already up
- // to date and encrypted with the default key.
- if (!cryptographer->Encrypt(new_specifics,
- generated_specifics.mutable_encrypted())) {
- NOTREACHED() << "Could not encrypt data for node of type "
- << ModelTypeToString(type);
- return false;
- }
- }
-
- // It's possible this entry was encrypted but didn't properly overwrite the
- // non_unique_name (see crbug.com/96314).
- bool encrypted_without_overwriting_name = (was_encrypted &&
- entry->GetNonUniqueName() != kEncryptedString);
-
- // If we're encrypted but the name wasn't overwritten properly we still want
- // to rewrite the entry, irrespective of whether the specifics match.
- if (!encrypted_without_overwriting_name &&
- old_specifics.SerializeAsString() ==
- generated_specifics.SerializeAsString()) {
- DVLOG(2) << "Specifics of type " << ModelTypeToString(type)
- << " already match, dropping change.";
- return true;
- }
-
- if (generated_specifics.has_encrypted()) {
- // Overwrite the possibly sensitive non-specifics data.
- entry->PutNonUniqueName(kEncryptedString);
- // For bookmarks we actually put bogus data into the unencrypted specifics,
- // else the server will try to do it for us.
- if (type == BOOKMARKS) {
- sync_pb::BookmarkSpecifics* bookmark_specifics =
- generated_specifics.mutable_bookmark();
- if (!entry->GetIsDir())
- bookmark_specifics->set_url(kEncryptedString);
- bookmark_specifics->set_title(kEncryptedString);
- }
- }
- entry->PutSpecifics(generated_specifics);
- DVLOG(1) << "Overwriting specifics of type "
- << ModelTypeToString(type)
- << " and marking for syncing.";
- syncable::MarkForSyncing(entry);
- return true;
-}
-
-void UpdateNigoriFromEncryptedTypes(ModelTypeSet encrypted_types,
- bool encrypt_everything,
- sync_pb::NigoriSpecifics* nigori) {
- nigori->set_encrypt_everything(encrypt_everything);
- static_assert(37 == MODEL_TYPE_COUNT, "update encrypted types");
- nigori->set_encrypt_bookmarks(
- encrypted_types.Has(BOOKMARKS));
- nigori->set_encrypt_preferences(
- encrypted_types.Has(PREFERENCES));
- nigori->set_encrypt_autofill_profile(
- encrypted_types.Has(AUTOFILL_PROFILE));
- nigori->set_encrypt_autofill(encrypted_types.Has(AUTOFILL));
- nigori->set_encrypt_autofill_wallet_metadata(
- encrypted_types.Has(AUTOFILL_WALLET_METADATA));
- nigori->set_encrypt_themes(encrypted_types.Has(THEMES));
- nigori->set_encrypt_typed_urls(
- encrypted_types.Has(TYPED_URLS));
- nigori->set_encrypt_extension_settings(
- encrypted_types.Has(EXTENSION_SETTINGS));
- nigori->set_encrypt_extensions(
- encrypted_types.Has(EXTENSIONS));
- nigori->set_encrypt_search_engines(
- encrypted_types.Has(SEARCH_ENGINES));
- nigori->set_encrypt_sessions(encrypted_types.Has(SESSIONS));
- nigori->set_encrypt_app_settings(
- encrypted_types.Has(APP_SETTINGS));
- nigori->set_encrypt_apps(encrypted_types.Has(APPS));
- nigori->set_encrypt_app_notifications(
- encrypted_types.Has(APP_NOTIFICATIONS));
- nigori->set_encrypt_dictionary(encrypted_types.Has(DICTIONARY));
- nigori->set_encrypt_favicon_images(encrypted_types.Has(FAVICON_IMAGES));
- nigori->set_encrypt_favicon_tracking(encrypted_types.Has(FAVICON_TRACKING));
- nigori->set_encrypt_articles(encrypted_types.Has(ARTICLES));
- nigori->set_encrypt_app_list(encrypted_types.Has(APP_LIST));
- nigori->set_encrypt_arc_package(encrypted_types.Has(ARC_PACKAGE));
-}
-
-ModelTypeSet GetEncryptedTypesFromNigori(
- const sync_pb::NigoriSpecifics& nigori) {
- if (nigori.encrypt_everything())
- return ModelTypeSet::All();
-
- ModelTypeSet encrypted_types;
- static_assert(37 == MODEL_TYPE_COUNT, "update encrypted types");
- if (nigori.encrypt_bookmarks())
- encrypted_types.Put(BOOKMARKS);
- if (nigori.encrypt_preferences())
- encrypted_types.Put(PREFERENCES);
- if (nigori.encrypt_autofill_profile())
- encrypted_types.Put(AUTOFILL_PROFILE);
- if (nigori.encrypt_autofill())
- encrypted_types.Put(AUTOFILL);
- if (nigori.encrypt_autofill_wallet_metadata())
- encrypted_types.Put(AUTOFILL_WALLET_METADATA);
- if (nigori.encrypt_themes())
- encrypted_types.Put(THEMES);
- if (nigori.encrypt_typed_urls())
- encrypted_types.Put(TYPED_URLS);
- if (nigori.encrypt_extension_settings())
- encrypted_types.Put(EXTENSION_SETTINGS);
- if (nigori.encrypt_extensions())
- encrypted_types.Put(EXTENSIONS);
- if (nigori.encrypt_search_engines())
- encrypted_types.Put(SEARCH_ENGINES);
- if (nigori.encrypt_sessions())
- encrypted_types.Put(SESSIONS);
- if (nigori.encrypt_app_settings())
- encrypted_types.Put(APP_SETTINGS);
- if (nigori.encrypt_apps())
- encrypted_types.Put(APPS);
- if (nigori.encrypt_app_notifications())
- encrypted_types.Put(APP_NOTIFICATIONS);
- if (nigori.encrypt_dictionary())
- encrypted_types.Put(DICTIONARY);
- if (nigori.encrypt_favicon_images())
- encrypted_types.Put(FAVICON_IMAGES);
- if (nigori.encrypt_favicon_tracking())
- encrypted_types.Put(FAVICON_TRACKING);
- if (nigori.encrypt_articles())
- encrypted_types.Put(ARTICLES);
- if (nigori.encrypt_app_list())
- encrypted_types.Put(APP_LIST);
- if (nigori.encrypt_arc_package())
- encrypted_types.Put(ARC_PACKAGE);
- return encrypted_types;
-}
-
-} // namespace syncable
-} // namespace syncer
« no previous file with comments | « sync/syncable/nigori_util.h ('k') | sync/syncable/nigori_util_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698