OLD | NEW |
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" | 5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
(...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
189 } | 189 } |
190 old_keystore_keys->resize(number_of_keystore_keys - 1); | 190 old_keystore_keys->resize(number_of_keystore_keys - 1); |
191 for (int i = 0; i < number_of_keystore_keys - 1; ++i) | 191 for (int i = 0; i < number_of_keystore_keys - 1; ++i) |
192 internal_list_value->GetString(i, &(*old_keystore_keys)[i]); | 192 internal_list_value->GetString(i, &(*old_keystore_keys)[i]); |
193 return true; | 193 return true; |
194 } | 194 } |
195 | 195 |
196 } // namespace | 196 } // namespace |
197 | 197 |
198 SyncEncryptionHandlerImpl::Vault::Vault(Encryptor* encryptor, | 198 SyncEncryptionHandlerImpl::Vault::Vault(Encryptor* encryptor, |
199 ModelTypeSet encrypted_types) | 199 ModelTypeSet encrypted_types, |
200 : cryptographer(encryptor), encrypted_types(encrypted_types) {} | 200 PassphraseType passphrase_type) |
| 201 : cryptographer(encryptor), |
| 202 encrypted_types(encrypted_types), |
| 203 passphrase_type(passphrase_type) {} |
201 | 204 |
202 SyncEncryptionHandlerImpl::Vault::~Vault() {} | 205 SyncEncryptionHandlerImpl::Vault::~Vault() {} |
203 | 206 |
204 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl( | 207 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl( |
205 UserShare* user_share, | 208 UserShare* user_share, |
206 Encryptor* encryptor, | 209 Encryptor* encryptor, |
207 const std::string& restored_key_for_bootstrapping, | 210 const std::string& restored_key_for_bootstrapping, |
208 const std::string& restored_keystore_key_for_bootstrapping) | 211 const std::string& restored_keystore_key_for_bootstrapping) |
209 : user_share_(user_share), | 212 : user_share_(user_share), |
210 vault_unsafe_(encryptor, SensitiveTypes()), | 213 vault_unsafe_(encryptor, |
| 214 SensitiveTypes(), |
| 215 PassphraseType::IMPLICIT_PASSPHRASE), |
211 encrypt_everything_(false), | 216 encrypt_everything_(false), |
212 passphrase_type_(PassphraseType::IMPLICIT_PASSPHRASE), | |
213 nigori_overwrite_count_(0), | 217 nigori_overwrite_count_(0), |
214 weak_ptr_factory_(this) { | 218 weak_ptr_factory_(this) { |
215 // Restore the cryptographer's previous keys. Note that we don't add the | 219 // Restore the cryptographer's previous keys. Note that we don't add the |
216 // keystore keys into the cryptographer here, in case a migration was pending. | 220 // keystore keys into the cryptographer here, in case a migration was pending. |
217 vault_unsafe_.cryptographer.Bootstrap(restored_key_for_bootstrapping); | 221 vault_unsafe_.cryptographer.Bootstrap(restored_key_for_bootstrapping); |
218 | 222 |
219 // If this fails, we won't have a valid keystore key, and will simply request | 223 // If this fails, we won't have a valid keystore key, and will simply request |
220 // new ones from the server on the next DownloadUpdates. | 224 // new ones from the server on the next DownloadUpdates. |
221 UnpackKeystoreBootstrapToken(restored_keystore_key_for_bootstrapping, | 225 UnpackKeystoreBootstrapToken(restored_keystore_key_for_bootstrapping, |
222 encryptor, &old_keystore_keys_, &keystore_key_); | 226 encryptor, &old_keystore_keys_, &keystore_key_); |
(...skipping 19 matching lines...) Expand all Loading... |
242 WriteNode node(&trans); | 246 WriteNode node(&trans); |
243 | 247 |
244 if (node.InitTypeRoot(NIGORI) != BaseNode::INIT_OK) | 248 if (node.InitTypeRoot(NIGORI) != BaseNode::INIT_OK) |
245 return; | 249 return; |
246 if (!ApplyNigoriUpdateImpl(node.GetNigoriSpecifics(), | 250 if (!ApplyNigoriUpdateImpl(node.GetNigoriSpecifics(), |
247 trans.GetWrappedTrans())) { | 251 trans.GetWrappedTrans())) { |
248 WriteEncryptionStateToNigori(&trans); | 252 WriteEncryptionStateToNigori(&trans); |
249 } | 253 } |
250 | 254 |
251 UMA_HISTOGRAM_ENUMERATION( | 255 UMA_HISTOGRAM_ENUMERATION( |
252 "Sync.PassphraseType", static_cast<unsigned>(GetPassphraseType()), | 256 "Sync.PassphraseType", |
| 257 static_cast<unsigned>(GetPassphraseType(trans.GetWrappedTrans())), |
253 static_cast<unsigned>(PassphraseType::PASSPHRASE_TYPE_SIZE)); | 258 static_cast<unsigned>(PassphraseType::PASSPHRASE_TYPE_SIZE)); |
254 | 259 |
255 bool has_pending_keys = | 260 bool has_pending_keys = |
256 UnlockVault(trans.GetWrappedTrans()).cryptographer.has_pending_keys(); | 261 UnlockVault(trans.GetWrappedTrans()).cryptographer.has_pending_keys(); |
257 bool is_ready = UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready(); | 262 bool is_ready = UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready(); |
258 // Log the state of the cryptographer regardless of migration state. | 263 // Log the state of the cryptographer regardless of migration state. |
259 UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerReady", is_ready); | 264 UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerReady", is_ready); |
260 UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerPendingKeys", has_pending_keys); | 265 UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerPendingKeys", has_pending_keys); |
261 if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics())) { | 266 if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics())) { |
262 // This account has a nigori node that has been migrated to support | 267 // This account has a nigori node that has been migrated to support |
263 // keystore. | 268 // keystore. |
264 UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", MIGRATED, | 269 UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", MIGRATED, |
265 MIGRATION_STATE_SIZE); | 270 MIGRATION_STATE_SIZE); |
266 if (has_pending_keys && | 271 if (has_pending_keys && |
267 passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE) { | 272 GetPassphraseType(trans.GetWrappedTrans()) == |
| 273 PassphraseType::KEYSTORE_PASSPHRASE) { |
268 // If this is happening, it means the keystore decryptor is either | 274 // If this is happening, it means the keystore decryptor is either |
269 // undecryptable with the available keystore keys or does not match the | 275 // undecryptable with the available keystore keys or does not match the |
270 // nigori keybag's encryption key. Otherwise we're simply missing the | 276 // nigori keybag's encryption key. Otherwise we're simply missing the |
271 // keystore key. | 277 // keystore key. |
272 UMA_HISTOGRAM_BOOLEAN("Sync.KeystoreDecryptionFailed", | 278 UMA_HISTOGRAM_BOOLEAN("Sync.KeystoreDecryptionFailed", |
273 !keystore_key_.empty()); | 279 !keystore_key_.empty()); |
274 } | 280 } |
275 } else if (!is_ready) { | 281 } else if (!is_ready) { |
276 // Migration cannot occur until the cryptographer is ready (initialized | 282 // Migration cannot occur until the cryptographer is ready (initialized |
277 // with GAIA password and any pending keys resolved). | 283 // with GAIA password and any pending keys resolved). |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
353 // logged as true. | 359 // logged as true. |
354 UMA_HISTOGRAM_BOOLEAN("Sync.CustomEncryption", true); | 360 UMA_HISTOGRAM_BOOLEAN("Sync.CustomEncryption", true); |
355 return; | 361 return; |
356 } | 362 } |
357 | 363 |
358 std::string bootstrap_token; | 364 std::string bootstrap_token; |
359 sync_pb::EncryptedData pending_keys; | 365 sync_pb::EncryptedData pending_keys; |
360 if (cryptographer->has_pending_keys()) | 366 if (cryptographer->has_pending_keys()) |
361 pending_keys = cryptographer->GetPendingKeys(); | 367 pending_keys = cryptographer->GetPendingKeys(); |
362 bool success = false; | 368 bool success = false; |
363 | 369 PassphraseType* passphrase_type = |
| 370 &UnlockVaultMutable(trans.GetWrappedTrans())->passphrase_type; |
364 // There are six cases to handle here: | 371 // There are six cases to handle here: |
365 // 1. The user has no pending keys and is setting their current GAIA password | 372 // 1. The user has no pending keys and is setting their current GAIA password |
366 // as the encryption passphrase. This happens either during first time sync | 373 // as the encryption passphrase. This happens either during first time sync |
367 // with a clean profile, or after re-authenticating on a profile that was | 374 // with a clean profile, or after re-authenticating on a profile that was |
368 // already signed in with the cryptographer ready. | 375 // already signed in with the cryptographer ready. |
369 // 2. The user has no pending keys, and is overwriting an (already provided) | 376 // 2. The user has no pending keys, and is overwriting an (already provided) |
370 // implicit passphrase with an explicit (custom) passphrase. | 377 // implicit passphrase with an explicit (custom) passphrase. |
371 // 3. The user has pending keys for an explicit passphrase that is somehow set | 378 // 3. The user has pending keys for an explicit passphrase that is somehow set |
372 // to their current GAIA passphrase. | 379 // to their current GAIA passphrase. |
373 // 4. The user has pending keys encrypted with their current GAIA passphrase | 380 // 4. The user has pending keys encrypted with their current GAIA passphrase |
374 // and the caller passes in the current GAIA passphrase. | 381 // and the caller passes in the current GAIA passphrase. |
375 // 5. The user has pending keys encrypted with an older GAIA passphrase | 382 // 5. The user has pending keys encrypted with an older GAIA passphrase |
376 // and the caller passes in the current GAIA passphrase. | 383 // and the caller passes in the current GAIA passphrase. |
377 // 6. The user has previously done encryption with an explicit passphrase. | 384 // 6. The user has previously done encryption with an explicit passphrase. |
378 // Furthermore, we enforce the fact that the bootstrap encryption token will | 385 // Furthermore, we enforce the fact that the bootstrap encryption token will |
379 // always be derived from the newest GAIA password if the account is using | 386 // always be derived from the newest GAIA password if the account is using |
380 // an implicit passphrase (even if the data is encrypted with an old GAIA | 387 // an implicit passphrase (even if the data is encrypted with an old GAIA |
381 // password). If the account is using an explicit (custom) passphrase, the | 388 // password). If the account is using an explicit (custom) passphrase, the |
382 // bootstrap token will be derived from the most recently provided explicit | 389 // bootstrap token will be derived from the most recently provided explicit |
383 // passphrase (that was able to decrypt the data). | 390 // passphrase (that was able to decrypt the data). |
384 if (!IsExplicitPassphrase(passphrase_type_)) { | 391 if (!IsExplicitPassphrase(*passphrase_type)) { |
385 if (!cryptographer->has_pending_keys()) { | 392 if (!cryptographer->has_pending_keys()) { |
386 if (cryptographer->AddKey(key_params)) { | 393 if (cryptographer->AddKey(key_params)) { |
387 // Case 1 and 2. We set a new GAIA passphrase when there are no pending | 394 // Case 1 and 2. We set a new GAIA passphrase when there are no pending |
388 // keys (1), or overwriting an implicit passphrase with a new explicit | 395 // keys (1), or overwriting an implicit passphrase with a new explicit |
389 // one (2) when there are no pending keys. | 396 // one (2) when there are no pending keys. |
390 if (is_explicit) { | 397 if (is_explicit) { |
391 DVLOG(1) << "Setting explicit passphrase for encryption."; | 398 DVLOG(1) << "Setting explicit passphrase for encryption."; |
392 passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE; | 399 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
393 custom_passphrase_time_ = base::Time::Now(); | 400 custom_passphrase_time_ = base::Time::Now(); |
394 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 401 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
395 OnPassphraseTypeChanged( | 402 OnPassphraseTypeChanged( |
396 passphrase_type_, GetExplicitPassphraseTime())); | 403 *passphrase_type, |
| 404 GetExplicitPassphraseTime(*passphrase_type))); |
397 } else { | 405 } else { |
398 DVLOG(1) << "Setting implicit passphrase for encryption."; | 406 DVLOG(1) << "Setting implicit passphrase for encryption."; |
399 } | 407 } |
400 cryptographer->GetBootstrapToken(&bootstrap_token); | 408 cryptographer->GetBootstrapToken(&bootstrap_token); |
401 | 409 |
402 // With M26, sync accounts can be in only one of two encryption states: | 410 // With M26, sync accounts can be in only one of two encryption states: |
403 // 1) Encrypt only passwords with an implicit passphrase. | 411 // 1) Encrypt only passwords with an implicit passphrase. |
404 // 2) Encrypt all sync datatypes with an explicit passphrase. | 412 // 2) Encrypt all sync datatypes with an explicit passphrase. |
405 // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms, | 413 // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms, |
406 // and keep track of an account's encryption state via the | 414 // and keep track of an account's encryption state via the |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
440 temp_cryptographer.GetBootstrapToken(&bootstrap_token); | 448 temp_cryptographer.GetBootstrapToken(&bootstrap_token); |
441 // We then set the new passphrase as the default passphrase of the | 449 // We then set the new passphrase as the default passphrase of the |
442 // real cryptographer, even though we have pending keys. This is safe, | 450 // real cryptographer, even though we have pending keys. This is safe, |
443 // as although Cryptographer::is_initialized() will now be true, | 451 // as although Cryptographer::is_initialized() will now be true, |
444 // is_ready() will remain false due to having pending keys. | 452 // is_ready() will remain false due to having pending keys. |
445 cryptographer->AddKey(key_params); | 453 cryptographer->AddKey(key_params); |
446 success = false; | 454 success = false; |
447 } | 455 } |
448 } // is_explicit | 456 } // is_explicit |
449 } // cryptographer->has_pending_keys() | 457 } // cryptographer->has_pending_keys() |
450 } else { // IsExplicitPassphrase(passphrase_type_) == true. | 458 } else { // IsExplicitPassphrase(passphrase_type) == true. |
451 // Case 6. We do not want to override a previously set explicit passphrase, | 459 // Case 6. We do not want to override a previously set explicit passphrase, |
452 // so we return a failure. | 460 // so we return a failure. |
453 DVLOG(1) << "Failing because an explicit passphrase is already set."; | 461 DVLOG(1) << "Failing because an explicit passphrase is already set."; |
454 success = false; | 462 success = false; |
455 } | 463 } |
456 | 464 |
457 DVLOG_IF(1, !success) | 465 DVLOG_IF(1, !success) |
458 << "Failure in SetEncryptionPassphrase; notifying and returning."; | 466 << "Failure in SetEncryptionPassphrase; notifying and returning."; |
459 DVLOG_IF(1, success) | 467 DVLOG_IF(1, success) |
460 << "Successfully set encryption passphrase; updating nigori and " | 468 << "Successfully set encryption passphrase; updating nigori and " |
(...skipping 19 matching lines...) Expand all Loading... |
480 NOTREACHED(); | 488 NOTREACHED(); |
481 return; | 489 return; |
482 } | 490 } |
483 | 491 |
484 // Once we've migrated to keystore, we're only ever decrypting keys derived | 492 // Once we've migrated to keystore, we're only ever decrypting keys derived |
485 // from an explicit passphrase. But, for clients without a keystore key yet | 493 // from an explicit passphrase. But, for clients without a keystore key yet |
486 // (either not on by default or failed to download one), we still support | 494 // (either not on by default or failed to download one), we still support |
487 // decrypting with a gaia passphrase, and therefore bypass the | 495 // decrypting with a gaia passphrase, and therefore bypass the |
488 // DecryptPendingKeysWithExplicitPassphrase logic. | 496 // DecryptPendingKeysWithExplicitPassphrase logic. |
489 if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics()) && | 497 if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics()) && |
490 IsExplicitPassphrase(passphrase_type_)) { | 498 IsExplicitPassphrase(GetPassphraseType(trans.GetWrappedTrans()))) { |
491 DecryptPendingKeysWithExplicitPassphrase(passphrase, &trans, &node); | 499 DecryptPendingKeysWithExplicitPassphrase(passphrase, &trans, &node); |
492 return; | 500 return; |
493 } | 501 } |
494 | 502 |
495 Cryptographer* cryptographer = | 503 Cryptographer* cryptographer = |
496 &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer; | 504 &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer; |
497 if (!cryptographer->has_pending_keys()) { | 505 if (!cryptographer->has_pending_keys()) { |
498 // Note that this *can* happen in a rare situation where data is | 506 // Note that this *can* happen in a rare situation where data is |
499 // re-encrypted on another client while a SetDecryptionPassphrase() call is | 507 // re-encrypted on another client while a SetDecryptionPassphrase() call is |
500 // in-flight on this client. It is rare enough that we choose to do nothing. | 508 // in-flight on this client. It is rare enough that we choose to do nothing. |
(...skipping 13 matching lines...) Expand all Loading... |
514 // passphrase, where the data is already encrypted with the newest GAIA | 522 // passphrase, where the data is already encrypted with the newest GAIA |
515 // password. | 523 // password. |
516 // 8. The user is providing an old GAIA password to decrypt the pending keys. | 524 // 8. The user is providing an old GAIA password to decrypt the pending keys. |
517 // In this case, the user is using an implicit passphrase, but has changed | 525 // In this case, the user is using an implicit passphrase, but has changed |
518 // their password since they last encrypted their data, and therefore | 526 // their password since they last encrypted their data, and therefore |
519 // their current GAIA password was unable to decrypt the data. This will | 527 // their current GAIA password was unable to decrypt the data. This will |
520 // happen when the user is setting up a new profile with a previously | 528 // happen when the user is setting up a new profile with a previously |
521 // encrypted account (after changing passwords). | 529 // encrypted account (after changing passwords). |
522 // 9. The user is providing a previously set explicit passphrase to decrypt | 530 // 9. The user is providing a previously set explicit passphrase to decrypt |
523 // the pending keys. | 531 // the pending keys. |
524 if (!IsExplicitPassphrase(passphrase_type_)) { | 532 if (!IsExplicitPassphrase(GetPassphraseType(trans.GetWrappedTrans()))) { |
525 if (cryptographer->is_initialized()) { | 533 if (cryptographer->is_initialized()) { |
526 // We only want to change the default encryption key to the pending | 534 // We only want to change the default encryption key to the pending |
527 // one if the pending keybag already contains the current default. | 535 // one if the pending keybag already contains the current default. |
528 // This covers the case where a different client re-encrypted | 536 // This covers the case where a different client re-encrypted |
529 // everything with a newer gaia passphrase (and hence the keybag | 537 // everything with a newer gaia passphrase (and hence the keybag |
530 // contains keys from all previously used gaia passphrases). | 538 // contains keys from all previously used gaia passphrases). |
531 // Otherwise, we're in a situation where the pending keys are | 539 // Otherwise, we're in a situation where the pending keys are |
532 // encrypted with an old gaia passphrase, while the default is the | 540 // encrypted with an old gaia passphrase, while the default is the |
533 // current gaia passphrase. In that case, we preserve the default. | 541 // current gaia passphrase. In that case, we preserve the default. |
534 Cryptographer temp_cryptographer(cryptographer->encryptor()); | 542 Cryptographer temp_cryptographer(cryptographer->encryptor()); |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
620 WriteEncryptionStateToNigori(&trans); | 628 WriteEncryptionStateToNigori(&trans); |
621 if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready()) | 629 if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready()) |
622 ReEncryptEverything(&trans); | 630 ReEncryptEverything(&trans); |
623 } | 631 } |
624 | 632 |
625 bool SyncEncryptionHandlerImpl::IsEncryptEverythingEnabled() const { | 633 bool SyncEncryptionHandlerImpl::IsEncryptEverythingEnabled() const { |
626 DCHECK(thread_checker_.CalledOnValidThread()); | 634 DCHECK(thread_checker_.CalledOnValidThread()); |
627 return encrypt_everything_; | 635 return encrypt_everything_; |
628 } | 636 } |
629 | 637 |
630 PassphraseType SyncEncryptionHandlerImpl::GetPassphraseType() const { | |
631 DCHECK(thread_checker_.CalledOnValidThread()); | |
632 return passphrase_type_; | |
633 } | |
634 | |
635 // Note: this is called from within a syncable transaction, so we need to post | 638 // Note: this is called from within a syncable transaction, so we need to post |
636 // tasks if we want to do any work that creates a new sync_api transaction. | 639 // tasks if we want to do any work that creates a new sync_api transaction. |
637 void SyncEncryptionHandlerImpl::ApplyNigoriUpdate( | 640 void SyncEncryptionHandlerImpl::ApplyNigoriUpdate( |
638 const sync_pb::NigoriSpecifics& nigori, | 641 const sync_pb::NigoriSpecifics& nigori, |
639 syncable::BaseTransaction* const trans) { | 642 syncable::BaseTransaction* const trans) { |
640 DCHECK(thread_checker_.CalledOnValidThread()); | 643 DCHECK(thread_checker_.CalledOnValidThread()); |
641 DCHECK(trans); | 644 DCHECK(trans); |
642 if (!ApplyNigoriUpdateImpl(nigori, trans)) { | 645 if (!ApplyNigoriUpdateImpl(nigori, trans)) { |
643 base::ThreadTaskRunnerHandle::Get()->PostTask( | 646 base::ThreadTaskRunnerHandle::Get()->PostTask( |
644 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, | 647 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
709 const sync_pb::NigoriSpecifics& nigori = entry.GetSpecifics().nigori(); | 712 const sync_pb::NigoriSpecifics& nigori = entry.GetSpecifics().nigori(); |
710 if (cryptographer->has_pending_keys() && IsNigoriMigratedToKeystore(nigori) && | 713 if (cryptographer->has_pending_keys() && IsNigoriMigratedToKeystore(nigori) && |
711 !nigori.keystore_decryptor_token().blob().empty()) { | 714 !nigori.keystore_decryptor_token().blob().empty()) { |
712 // If the nigori is already migrated and we have pending keys, we might | 715 // If the nigori is already migrated and we have pending keys, we might |
713 // be able to decrypt them using either the keystore decryptor token | 716 // be able to decrypt them using either the keystore decryptor token |
714 // or the existing keystore keys. | 717 // or the existing keystore keys. |
715 DecryptPendingKeysWithKeystoreKey( | 718 DecryptPendingKeysWithKeystoreKey( |
716 keystore_key_, nigori.keystore_decryptor_token(), cryptographer); | 719 keystore_key_, nigori.keystore_decryptor_token(), cryptographer); |
717 } | 720 } |
718 | 721 |
| 722 PassphraseType* passphrase_type = &UnlockVaultMutable(trans)->passphrase_type; |
719 // Note that triggering migration will have no effect if we're already | 723 // Note that triggering migration will have no effect if we're already |
720 // properly migrated with the newest keystore keys. | 724 // properly migrated with the newest keystore keys. |
721 if (ShouldTriggerMigration(nigori, *cryptographer)) { | 725 if (ShouldTriggerMigration(nigori, *cryptographer, passphrase_type)) { |
722 base::ThreadTaskRunnerHandle::Get()->PostTask( | 726 base::ThreadTaskRunnerHandle::Get()->PostTask( |
723 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, | 727 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, |
724 weak_ptr_factory_.GetWeakPtr())); | 728 weak_ptr_factory_.GetWeakPtr())); |
725 } | 729 } |
726 | 730 |
727 return true; | 731 return true; |
728 } | 732 } |
729 | 733 |
730 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypes( | 734 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypes( |
731 syncable::BaseTransaction* const trans) const { | 735 syncable::BaseTransaction* const trans) const { |
732 return UnlockVault(trans).encrypted_types; | 736 return UnlockVault(trans).encrypted_types; |
733 } | 737 } |
734 | 738 |
| 739 PassphraseType SyncEncryptionHandlerImpl::GetPassphraseType( |
| 740 syncable::BaseTransaction* const trans) const { |
| 741 return UnlockVault(trans).passphrase_type; |
| 742 } |
| 743 |
735 Cryptographer* SyncEncryptionHandlerImpl::GetCryptographerUnsafe() { | 744 Cryptographer* SyncEncryptionHandlerImpl::GetCryptographerUnsafe() { |
736 DCHECK(thread_checker_.CalledOnValidThread()); | 745 DCHECK(thread_checker_.CalledOnValidThread()); |
737 return &vault_unsafe_.cryptographer; | 746 return &vault_unsafe_.cryptographer; |
738 } | 747 } |
739 | 748 |
740 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypesUnsafe() { | 749 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypesUnsafe() { |
741 DCHECK(thread_checker_.CalledOnValidThread()); | 750 DCHECK(thread_checker_.CalledOnValidThread()); |
742 return vault_unsafe_.encrypted_types; | 751 return vault_unsafe_.encrypted_types; |
743 } | 752 } |
744 | 753 |
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
858 syncable::BaseTransaction* const trans) { | 867 syncable::BaseTransaction* const trans) { |
859 DCHECK(thread_checker_.CalledOnValidThread()); | 868 DCHECK(thread_checker_.CalledOnValidThread()); |
860 DVLOG(1) << "Applying nigori node update."; | 869 DVLOG(1) << "Applying nigori node update."; |
861 bool nigori_types_need_update = | 870 bool nigori_types_need_update = |
862 !UpdateEncryptedTypesFromNigori(nigori, trans); | 871 !UpdateEncryptedTypesFromNigori(nigori, trans); |
863 | 872 |
864 if (nigori.custom_passphrase_time() != 0) { | 873 if (nigori.custom_passphrase_time() != 0) { |
865 custom_passphrase_time_ = ProtoTimeToTime(nigori.custom_passphrase_time()); | 874 custom_passphrase_time_ = ProtoTimeToTime(nigori.custom_passphrase_time()); |
866 } | 875 } |
867 bool is_nigori_migrated = IsNigoriMigratedToKeystore(nigori); | 876 bool is_nigori_migrated = IsNigoriMigratedToKeystore(nigori); |
| 877 PassphraseType* passphrase_type = &UnlockVaultMutable(trans)->passphrase_type; |
868 if (is_nigori_migrated) { | 878 if (is_nigori_migrated) { |
869 migration_time_ = ProtoTimeToTime(nigori.keystore_migration_time()); | 879 migration_time_ = ProtoTimeToTime(nigori.keystore_migration_time()); |
870 PassphraseType nigori_passphrase_type = | 880 PassphraseType nigori_passphrase_type = |
871 ProtoPassphraseTypeToEnum(nigori.passphrase_type()); | 881 ProtoPassphraseTypeToEnum(nigori.passphrase_type()); |
872 | 882 |
873 // Only update the local passphrase state if it's a valid transition: | 883 // Only update the local passphrase state if it's a valid transition: |
874 // - implicit -> keystore | 884 // - implicit -> keystore |
875 // - implicit -> frozen implicit | 885 // - implicit -> frozen implicit |
876 // - implicit -> custom | 886 // - implicit -> custom |
877 // - keystore -> custom | 887 // - keystore -> custom |
878 // Note: frozen implicit -> custom is not technically a valid transition, | 888 // Note: frozen implicit -> custom is not technically a valid transition, |
879 // but we let it through here as well in case future versions do add support | 889 // but we let it through here as well in case future versions do add support |
880 // for this transition. | 890 // for this transition. |
881 if (passphrase_type_ != nigori_passphrase_type && | 891 if (*passphrase_type != nigori_passphrase_type && |
882 nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE && | 892 nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE && |
883 (passphrase_type_ == PassphraseType::IMPLICIT_PASSPHRASE || | 893 (*passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE || |
884 nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) { | 894 nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) { |
885 DVLOG(1) << "Changing passphrase state from " | 895 DVLOG(1) << "Changing passphrase state from " |
886 << PassphraseTypeToString(passphrase_type_) << " to " | 896 << PassphraseTypeToString(*passphrase_type) << " to " |
887 << PassphraseTypeToString(nigori_passphrase_type); | 897 << PassphraseTypeToString(nigori_passphrase_type); |
888 passphrase_type_ = nigori_passphrase_type; | 898 *passphrase_type = nigori_passphrase_type; |
889 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 899 FOR_EACH_OBSERVER( |
890 OnPassphraseTypeChanged(passphrase_type_, | 900 SyncEncryptionHandler::Observer, observers_, |
891 GetExplicitPassphraseTime())); | 901 OnPassphraseTypeChanged(*passphrase_type, |
| 902 GetExplicitPassphraseTime(*passphrase_type))); |
892 } | 903 } |
893 if (passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE && | 904 if (*passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE && |
894 encrypt_everything_) { | 905 encrypt_everything_) { |
895 // This is the case where another client that didn't support keystore | 906 // This is the case where another client that didn't support keystore |
896 // encryption attempted to enable full encryption. We detect it | 907 // encryption attempted to enable full encryption. We detect it |
897 // and switch the passphrase type to frozen implicit passphrase instead | 908 // and switch the passphrase type to frozen implicit passphrase instead |
898 // due to full encryption not being compatible with keystore passphrase. | 909 // due to full encryption not being compatible with keystore passphrase. |
899 // Because the local passphrase type will not match the nigori passphrase | 910 // Because the local passphrase type will not match the nigori passphrase |
900 // type, we will trigger a rewrite and subsequently a re-migration. | 911 // type, we will trigger a rewrite and subsequently a re-migration. |
901 DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE " | 912 DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE " |
902 << "due to full encryption."; | 913 << "due to full encryption."; |
903 passphrase_type_ = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; | 914 *passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; |
904 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 915 FOR_EACH_OBSERVER( |
905 OnPassphraseTypeChanged(passphrase_type_, | 916 SyncEncryptionHandler::Observer, observers_, |
906 GetExplicitPassphraseTime())); | 917 OnPassphraseTypeChanged(*passphrase_type, |
| 918 GetExplicitPassphraseTime(*passphrase_type))); |
907 } | 919 } |
908 } else { | 920 } else { |
909 // It's possible that while we're waiting for migration a client that does | 921 // It's possible that while we're waiting for migration a client that does |
910 // not have keystore encryption enabled switches to a custom passphrase. | 922 // not have keystore encryption enabled switches to a custom passphrase. |
911 if (nigori.keybag_is_frozen() && | 923 if (nigori.keybag_is_frozen() && |
912 passphrase_type_ != PassphraseType::CUSTOM_PASSPHRASE) { | 924 *passphrase_type != PassphraseType::CUSTOM_PASSPHRASE) { |
913 passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE; | 925 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
914 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 926 FOR_EACH_OBSERVER( |
915 OnPassphraseTypeChanged(passphrase_type_, | 927 SyncEncryptionHandler::Observer, observers_, |
916 GetExplicitPassphraseTime())); | 928 OnPassphraseTypeChanged(*passphrase_type, |
| 929 GetExplicitPassphraseTime(*passphrase_type))); |
917 } | 930 } |
918 } | 931 } |
919 | 932 |
920 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; | 933 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; |
921 bool nigori_needs_new_keys = false; | 934 bool nigori_needs_new_keys = false; |
922 if (!nigori.encryption_keybag().blob().empty()) { | 935 if (!nigori.encryption_keybag().blob().empty()) { |
923 // We only update the default key if this was a new explicit passphrase. | 936 // We only update the default key if this was a new explicit passphrase. |
924 // Else, since it was decryptable, it must not have been a new key. | 937 // Else, since it was decryptable, it must not have been a new key. |
925 bool need_new_default_key = false; | 938 bool need_new_default_key = false; |
926 if (is_nigori_migrated) { | 939 if (is_nigori_migrated) { |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
971 DVLOG(1) << "OnPassphraseRequired sent because cryptographer is not " | 984 DVLOG(1) << "OnPassphraseRequired sent because cryptographer is not " |
972 << "ready"; | 985 << "ready"; |
973 FOR_EACH_OBSERVER( | 986 FOR_EACH_OBSERVER( |
974 SyncEncryptionHandler::Observer, observers_, | 987 SyncEncryptionHandler::Observer, observers_, |
975 OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData())); | 988 OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData())); |
976 } | 989 } |
977 | 990 |
978 // Check if the current local encryption state is stricter/newer than the | 991 // Check if the current local encryption state is stricter/newer than the |
979 // nigori state. If so, we need to overwrite the nigori node with the local | 992 // nigori state. If so, we need to overwrite the nigori node with the local |
980 // state. | 993 // state. |
981 bool passphrase_type_matches = true; | 994 bool passphrase_typematches = true; |
982 if (!is_nigori_migrated) { | 995 if (!is_nigori_migrated) { |
983 DCHECK(passphrase_type_ == PassphraseType::CUSTOM_PASSPHRASE || | 996 DCHECK(*passphrase_type == PassphraseType::CUSTOM_PASSPHRASE || |
984 passphrase_type_ == PassphraseType::IMPLICIT_PASSPHRASE); | 997 *passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE); |
985 passphrase_type_matches = | 998 passphrase_typematches = |
986 nigori.keybag_is_frozen() == IsExplicitPassphrase(passphrase_type_); | 999 nigori.keybag_is_frozen() == IsExplicitPassphrase(*passphrase_type); |
987 } else { | 1000 } else { |
988 passphrase_type_matches = | 1001 passphrase_typematches = |
989 (ProtoPassphraseTypeToEnum(nigori.passphrase_type()) == | 1002 (ProtoPassphraseTypeToEnum(nigori.passphrase_type()) == |
990 passphrase_type_); | 1003 *passphrase_type); |
991 } | 1004 } |
992 if (!passphrase_type_matches || | 1005 if (!passphrase_typematches || |
993 nigori.encrypt_everything() != encrypt_everything_ || | 1006 nigori.encrypt_everything() != encrypt_everything_ || |
994 nigori_types_need_update || nigori_needs_new_keys) { | 1007 nigori_types_need_update || nigori_needs_new_keys) { |
995 DVLOG(1) << "Triggering nigori rewrite."; | 1008 DVLOG(1) << "Triggering nigori rewrite."; |
996 return false; | 1009 return false; |
997 } | 1010 } |
998 return true; | 1011 return true; |
999 } | 1012 } |
1000 | 1013 |
1001 void SyncEncryptionHandlerImpl::RewriteNigori() { | 1014 void SyncEncryptionHandlerImpl::RewriteNigori() { |
1002 DVLOG(1) << "Writing local encryption state into nigori."; | 1015 DVLOG(1) << "Writing local encryption state into nigori."; |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1095 } | 1108 } |
1096 | 1109 |
1097 void SyncEncryptionHandlerImpl::SetCustomPassphrase( | 1110 void SyncEncryptionHandlerImpl::SetCustomPassphrase( |
1098 const std::string& passphrase, | 1111 const std::string& passphrase, |
1099 WriteTransaction* trans, | 1112 WriteTransaction* trans, |
1100 WriteNode* nigori_node) { | 1113 WriteNode* nigori_node) { |
1101 DCHECK(thread_checker_.CalledOnValidThread()); | 1114 DCHECK(thread_checker_.CalledOnValidThread()); |
1102 DCHECK(IsNigoriMigratedToKeystore(nigori_node->GetNigoriSpecifics())); | 1115 DCHECK(IsNigoriMigratedToKeystore(nigori_node->GetNigoriSpecifics())); |
1103 KeyParams key_params = {"localhost", "dummy", passphrase}; | 1116 KeyParams key_params = {"localhost", "dummy", passphrase}; |
1104 | 1117 |
1105 if (passphrase_type_ != PassphraseType::KEYSTORE_PASSPHRASE) { | 1118 if (GetPassphraseType(trans->GetWrappedTrans()) != |
| 1119 PassphraseType::KEYSTORE_PASSPHRASE) { |
1106 DVLOG(1) << "Failing to set a custom passphrase because one has already " | 1120 DVLOG(1) << "Failing to set a custom passphrase because one has already " |
1107 << "been set."; | 1121 << "been set."; |
1108 FinishSetPassphrase(false, std::string(), trans, nigori_node); | 1122 FinishSetPassphrase(false, std::string(), trans, nigori_node); |
1109 return; | 1123 return; |
1110 } | 1124 } |
1111 | 1125 |
1112 Cryptographer* cryptographer = | 1126 Cryptographer* cryptographer = |
1113 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; | 1127 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; |
1114 if (cryptographer->has_pending_keys()) { | 1128 if (cryptographer->has_pending_keys()) { |
1115 // This theoretically shouldn't happen, because the only way to have pending | 1129 // This theoretically shouldn't happen, because the only way to have pending |
1116 // keys after migrating to keystore support is if a custom passphrase was | 1130 // keys after migrating to keystore support is if a custom passphrase was |
1117 // set, which should update passpshrase_state_ and should be caught by the | 1131 // set, which should update passpshrase_state_ and should be caught by the |
1118 // if statement above. For the sake of safety though, we check for it in | 1132 // if statement above. For the sake of safety though, we check for it in |
1119 // case a client is misbehaving. | 1133 // case a client is misbehaving. |
1120 LOG(ERROR) << "Failing to set custom passphrase because of pending keys."; | 1134 LOG(ERROR) << "Failing to set custom passphrase because of pending keys."; |
1121 FinishSetPassphrase(false, std::string(), trans, nigori_node); | 1135 FinishSetPassphrase(false, std::string(), trans, nigori_node); |
1122 return; | 1136 return; |
1123 } | 1137 } |
1124 | 1138 |
1125 std::string bootstrap_token; | 1139 std::string bootstrap_token; |
1126 if (!cryptographer->AddKey(key_params)) { | 1140 if (!cryptographer->AddKey(key_params)) { |
1127 NOTREACHED() << "Failed to add key to cryptographer."; | 1141 NOTREACHED() << "Failed to add key to cryptographer."; |
1128 return; | 1142 return; |
1129 } | 1143 } |
1130 | 1144 |
1131 DVLOG(1) << "Setting custom passphrase."; | 1145 DVLOG(1) << "Setting custom passphrase."; |
1132 cryptographer->GetBootstrapToken(&bootstrap_token); | 1146 cryptographer->GetBootstrapToken(&bootstrap_token); |
1133 passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE; | 1147 PassphraseType* passphrase_type = |
| 1148 &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type; |
| 1149 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
1134 custom_passphrase_time_ = base::Time::Now(); | 1150 custom_passphrase_time_ = base::Time::Now(); |
1135 FOR_EACH_OBSERVER( | 1151 FOR_EACH_OBSERVER( |
1136 SyncEncryptionHandler::Observer, observers_, | 1152 SyncEncryptionHandler::Observer, observers_, |
1137 OnPassphraseTypeChanged(passphrase_type_, GetExplicitPassphraseTime())); | 1153 OnPassphraseTypeChanged(*passphrase_type, |
| 1154 GetExplicitPassphraseTime(*passphrase_type))); |
1138 FinishSetPassphrase(true, bootstrap_token, trans, nigori_node); | 1155 FinishSetPassphrase(true, bootstrap_token, trans, nigori_node); |
1139 } | 1156 } |
1140 | 1157 |
1141 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase( | 1158 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase( |
1142 WriteTransaction* trans) { | 1159 WriteTransaction* trans) { |
1143 WriteNode nigori_node(trans); | 1160 WriteNode nigori_node(trans); |
1144 BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI); | 1161 BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI); |
1145 DCHECK_EQ(init_result, BaseNode::INIT_OK); | 1162 DCHECK_EQ(init_result, BaseNode::INIT_OK); |
1146 NigoriState nigori_state; | 1163 NigoriState nigori_state; |
1147 nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics(); | 1164 nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics(); |
1148 DCHECK(nigori_state.nigori_specifics.passphrase_type() == | 1165 DCHECK(nigori_state.nigori_specifics.passphrase_type() == |
1149 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE || | 1166 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE || |
1150 nigori_state.nigori_specifics.passphrase_type() == | 1167 nigori_state.nigori_specifics.passphrase_type() == |
1151 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); | 1168 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); |
1152 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1169 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
1153 OnLocalSetPassphraseEncryption(nigori_state)); | 1170 OnLocalSetPassphraseEncryption(nigori_state)); |
1154 } | 1171 } |
1155 | 1172 |
1156 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase( | 1173 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase( |
1157 const std::string& passphrase, | 1174 const std::string& passphrase, |
1158 WriteTransaction* trans, | 1175 WriteTransaction* trans, |
1159 WriteNode* nigori_node) { | 1176 WriteNode* nigori_node) { |
1160 DCHECK(thread_checker_.CalledOnValidThread()); | 1177 DCHECK(thread_checker_.CalledOnValidThread()); |
1161 DCHECK(IsExplicitPassphrase(passphrase_type_)); | 1178 DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1162 KeyParams key_params = {"localhost", "dummy", passphrase}; | 1179 KeyParams key_params = {"localhost", "dummy", passphrase}; |
1163 | 1180 |
1164 Cryptographer* cryptographer = | 1181 Cryptographer* cryptographer = |
1165 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; | 1182 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; |
1166 if (!cryptographer->has_pending_keys()) { | 1183 if (!cryptographer->has_pending_keys()) { |
1167 // Note that this *can* happen in a rare situation where data is | 1184 // Note that this *can* happen in a rare situation where data is |
1168 // re-encrypted on another client while a SetDecryptionPassphrase() call is | 1185 // re-encrypted on another client while a SetDecryptionPassphrase() call is |
1169 // in-flight on this client. It is rare enough that we choose to do nothing. | 1186 // in-flight on this client. It is rare enough that we choose to do nothing. |
1170 NOTREACHED() << "Attempt to set decryption passphrase failed because there " | 1187 NOTREACHED() << "Attempt to set decryption passphrase failed because there " |
1171 << "were no pending keys."; | 1188 << "were no pending keys."; |
1172 return; | 1189 return; |
1173 } | 1190 } |
1174 | 1191 |
1175 DCHECK(IsExplicitPassphrase(passphrase_type_)); | 1192 DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1176 bool success = false; | 1193 bool success = false; |
1177 std::string bootstrap_token; | 1194 std::string bootstrap_token; |
1178 if (cryptographer->DecryptPendingKeys(key_params)) { | 1195 if (cryptographer->DecryptPendingKeys(key_params)) { |
1179 DVLOG(1) << "Explicit passphrase accepted for decryption."; | 1196 DVLOG(1) << "Explicit passphrase accepted for decryption."; |
1180 cryptographer->GetBootstrapToken(&bootstrap_token); | 1197 cryptographer->GetBootstrapToken(&bootstrap_token); |
1181 success = true; | 1198 success = true; |
1182 } else { | 1199 } else { |
1183 DVLOG(1) << "Explicit passphrase failed to decrypt."; | 1200 DVLOG(1) << "Explicit passphrase failed to decrypt."; |
1184 success = false; | 1201 success = false; |
1185 } | 1202 } |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1237 // (in otherwords, if ShouldTriggerMigration is false). | 1254 // (in otherwords, if ShouldTriggerMigration is false). |
1238 // Otherwise will update the nigori node with the current migrated state, | 1255 // Otherwise will update the nigori node with the current migrated state, |
1239 // writing all encryption state as it does. | 1256 // writing all encryption state as it does. |
1240 if (!AttemptToMigrateNigoriToKeystore(trans, nigori_node)) { | 1257 if (!AttemptToMigrateNigoriToKeystore(trans, nigori_node)) { |
1241 sync_pb::NigoriSpecifics nigori(nigori_node->GetNigoriSpecifics()); | 1258 sync_pb::NigoriSpecifics nigori(nigori_node->GetNigoriSpecifics()); |
1242 // Does not modify nigori.encryption_keybag() if the original decrypted | 1259 // Does not modify nigori.encryption_keybag() if the original decrypted |
1243 // data was the same. | 1260 // data was the same. |
1244 if (!cryptographer.GetKeys(nigori.mutable_encryption_keybag())) | 1261 if (!cryptographer.GetKeys(nigori.mutable_encryption_keybag())) |
1245 NOTREACHED(); | 1262 NOTREACHED(); |
1246 if (IsNigoriMigratedToKeystore(nigori)) { | 1263 if (IsNigoriMigratedToKeystore(nigori)) { |
1247 DCHECK(keystore_key_.empty() || IsExplicitPassphrase(passphrase_type_)); | 1264 DCHECK(keystore_key_.empty() || |
| 1265 IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1248 DVLOG(1) << "Leaving nigori migration state untouched after setting" | 1266 DVLOG(1) << "Leaving nigori migration state untouched after setting" |
1249 << " passphrase."; | 1267 << " passphrase."; |
1250 } else { | 1268 } else { |
1251 nigori.set_keybag_is_frozen(IsExplicitPassphrase(passphrase_type_)); | 1269 nigori.set_keybag_is_frozen( |
| 1270 IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1252 } | 1271 } |
1253 // If we set a new custom passphrase, store the timestamp. | 1272 // If we set a new custom passphrase, store the timestamp. |
1254 if (!custom_passphrase_time_.is_null()) { | 1273 if (!custom_passphrase_time_.is_null()) { |
1255 nigori.set_custom_passphrase_time( | 1274 nigori.set_custom_passphrase_time( |
1256 TimeToProtoTime(custom_passphrase_time_)); | 1275 TimeToProtoTime(custom_passphrase_time_)); |
1257 } | 1276 } |
1258 nigori_node->SetNigoriSpecifics(nigori); | 1277 nigori_node->SetNigoriSpecifics(nigori); |
1259 } | 1278 } |
1260 | 1279 |
1261 // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS | 1280 // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1293 } | 1312 } |
1294 | 1313 |
1295 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( | 1314 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( |
1296 syncable::BaseTransaction* const trans) const { | 1315 syncable::BaseTransaction* const trans) const { |
1297 DCHECK_EQ(user_share_->directory.get(), trans->directory()); | 1316 DCHECK_EQ(user_share_->directory.get(), trans->directory()); |
1298 return vault_unsafe_; | 1317 return vault_unsafe_; |
1299 } | 1318 } |
1300 | 1319 |
1301 bool SyncEncryptionHandlerImpl::ShouldTriggerMigration( | 1320 bool SyncEncryptionHandlerImpl::ShouldTriggerMigration( |
1302 const sync_pb::NigoriSpecifics& nigori, | 1321 const sync_pb::NigoriSpecifics& nigori, |
1303 const Cryptographer& cryptographer) const { | 1322 const Cryptographer& cryptographer, |
| 1323 PassphraseType* passphrase_type) const { |
1304 DCHECK(thread_checker_.CalledOnValidThread()); | 1324 DCHECK(thread_checker_.CalledOnValidThread()); |
1305 // Don't migrate if there are pending encryption keys (because data | 1325 // Don't migrate if there are pending encryption keys (because data |
1306 // encrypted with the pending keys will not be decryptable). | 1326 // encrypted with the pending keys will not be decryptable). |
1307 if (cryptographer.has_pending_keys()) | 1327 if (cryptographer.has_pending_keys()) |
1308 return false; | 1328 return false; |
1309 if (IsNigoriMigratedToKeystore(nigori)) { | 1329 if (IsNigoriMigratedToKeystore(nigori)) { |
1310 // If the nigori is already migrated but does not reflect the explicit | 1330 // If the nigori is already migrated but does not reflect the explicit |
1311 // passphrase state, remigrate. Similarly, if the nigori has an explicit | 1331 // passphrase state, remigrate. Similarly, if the nigori has an explicit |
1312 // passphrase but does not have full encryption, or the nigori has an | 1332 // passphrase but does not have full encryption, or the nigori has an |
1313 // implicit passphrase but does have full encryption, re-migrate. | 1333 // implicit passphrase but does have full encryption, re-migrate. |
1314 // Note that this is to defend against other clients without keystore | 1334 // Note that this is to defend against other clients without keystore |
1315 // encryption enabled transitioning to states that are no longer valid. | 1335 // encryption enabled transitioning to states that are no longer valid. |
1316 if (passphrase_type_ != PassphraseType::KEYSTORE_PASSPHRASE && | 1336 if (*passphrase_type != PassphraseType::KEYSTORE_PASSPHRASE && |
1317 nigori.passphrase_type() == | 1337 nigori.passphrase_type() == |
1318 sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE) { | 1338 sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE) { |
1319 return true; | 1339 return true; |
1320 } else if (IsExplicitPassphrase(passphrase_type_) && !encrypt_everything_) { | 1340 } else if (IsExplicitPassphrase(*passphrase_type) && !encrypt_everything_) { |
1321 return true; | 1341 return true; |
1322 } else if (passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE && | 1342 } else if (*passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE && |
1323 encrypt_everything_) { | 1343 encrypt_everything_) { |
1324 return true; | 1344 return true; |
1325 } else if (cryptographer.is_ready() && | 1345 } else if (cryptographer.is_ready() && |
1326 !cryptographer.CanDecryptUsingDefaultKey( | 1346 !cryptographer.CanDecryptUsingDefaultKey( |
1327 nigori.encryption_keybag())) { | 1347 nigori.encryption_keybag())) { |
1328 // We need to overwrite the keybag. This might involve overwriting the | 1348 // We need to overwrite the keybag. This might involve overwriting the |
1329 // keystore decryptor too. | 1349 // keystore decryptor too. |
1330 return true; | 1350 return true; |
1331 } else if (old_keystore_keys_.size() > 0 && !keystore_key_.empty()) { | 1351 } else if (old_keystore_keys_.size() > 0 && !keystore_key_.empty()) { |
1332 // Check to see if a server key rotation has happened, but the nigori | 1352 // Check to see if a server key rotation has happened, but the nigori |
(...skipping 21 matching lines...) Expand all Loading... |
1354 } | 1374 } |
1355 | 1375 |
1356 bool SyncEncryptionHandlerImpl::AttemptToMigrateNigoriToKeystore( | 1376 bool SyncEncryptionHandlerImpl::AttemptToMigrateNigoriToKeystore( |
1357 WriteTransaction* trans, | 1377 WriteTransaction* trans, |
1358 WriteNode* nigori_node) { | 1378 WriteNode* nigori_node) { |
1359 DCHECK(thread_checker_.CalledOnValidThread()); | 1379 DCHECK(thread_checker_.CalledOnValidThread()); |
1360 const sync_pb::NigoriSpecifics& old_nigori = | 1380 const sync_pb::NigoriSpecifics& old_nigori = |
1361 nigori_node->GetNigoriSpecifics(); | 1381 nigori_node->GetNigoriSpecifics(); |
1362 Cryptographer* cryptographer = | 1382 Cryptographer* cryptographer = |
1363 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; | 1383 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; |
1364 | 1384 PassphraseType* passphrase_type = |
1365 if (!ShouldTriggerMigration(old_nigori, *cryptographer)) | 1385 &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type; |
| 1386 if (!ShouldTriggerMigration(old_nigori, *cryptographer, passphrase_type)) |
1366 return false; | 1387 return false; |
1367 | 1388 |
1368 DVLOG(1) << "Starting nigori migration to keystore support."; | 1389 DVLOG(1) << "Starting nigori migration to keystore support."; |
1369 sync_pb::NigoriSpecifics migrated_nigori(old_nigori); | 1390 sync_pb::NigoriSpecifics migrated_nigori(old_nigori); |
1370 | 1391 |
1371 PassphraseType new_passphrase_type = passphrase_type_; | 1392 PassphraseType new_passphrase_type = |
| 1393 GetPassphraseType(trans->GetWrappedTrans()); |
1372 bool new_encrypt_everything = encrypt_everything_; | 1394 bool new_encrypt_everything = encrypt_everything_; |
1373 if (encrypt_everything_ && !IsExplicitPassphrase(passphrase_type_)) { | 1395 if (encrypt_everything_ && !IsExplicitPassphrase(*passphrase_type)) { |
1374 DVLOG(1) << "Switching to frozen implicit passphrase due to already having " | 1396 DVLOG(1) << "Switching to frozen implicit passphrase due to already having " |
1375 << "full encryption."; | 1397 << "full encryption."; |
1376 new_passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; | 1398 new_passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; |
1377 migrated_nigori.clear_keystore_decryptor_token(); | 1399 migrated_nigori.clear_keystore_decryptor_token(); |
1378 } else if (IsExplicitPassphrase(passphrase_type_)) { | 1400 } else if (IsExplicitPassphrase(*passphrase_type)) { |
1379 DVLOG_IF(1, !encrypt_everything_) << "Enabling encrypt everything due to " | 1401 DVLOG_IF(1, !encrypt_everything_) << "Enabling encrypt everything due to " |
1380 << "explicit passphrase"; | 1402 << "explicit passphrase"; |
1381 new_encrypt_everything = true; | 1403 new_encrypt_everything = true; |
1382 migrated_nigori.clear_keystore_decryptor_token(); | 1404 migrated_nigori.clear_keystore_decryptor_token(); |
1383 } else { | 1405 } else { |
1384 DCHECK(!encrypt_everything_); | 1406 DCHECK(!encrypt_everything_); |
1385 new_passphrase_type = PassphraseType::KEYSTORE_PASSPHRASE; | 1407 new_passphrase_type = PassphraseType::KEYSTORE_PASSPHRASE; |
1386 DVLOG(1) << "Switching to keystore passphrase state."; | 1408 DVLOG(1) << "Switching to keystore passphrase state."; |
1387 } | 1409 } |
1388 migrated_nigori.set_encrypt_everything(new_encrypt_everything); | 1410 migrated_nigori.set_encrypt_everything(new_encrypt_everything); |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1460 migration_time_ = base::Time::Now(); | 1482 migration_time_ = base::Time::Now(); |
1461 migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_)); | 1483 migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_)); |
1462 | 1484 |
1463 if (!custom_passphrase_time_.is_null()) { | 1485 if (!custom_passphrase_time_.is_null()) { |
1464 migrated_nigori.set_custom_passphrase_time( | 1486 migrated_nigori.set_custom_passphrase_time( |
1465 TimeToProtoTime(custom_passphrase_time_)); | 1487 TimeToProtoTime(custom_passphrase_time_)); |
1466 } | 1488 } |
1467 | 1489 |
1468 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1490 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
1469 OnCryptographerStateChanged(cryptographer)); | 1491 OnCryptographerStateChanged(cryptographer)); |
1470 if (passphrase_type_ != new_passphrase_type) { | 1492 if (*passphrase_type != new_passphrase_type) { |
1471 passphrase_type_ = new_passphrase_type; | 1493 *passphrase_type = new_passphrase_type; |
1472 FOR_EACH_OBSERVER( | 1494 FOR_EACH_OBSERVER( |
1473 SyncEncryptionHandler::Observer, observers_, | 1495 SyncEncryptionHandler::Observer, observers_, |
1474 OnPassphraseTypeChanged(passphrase_type_, GetExplicitPassphraseTime())); | 1496 OnPassphraseTypeChanged(*passphrase_type, |
| 1497 GetExplicitPassphraseTime(*passphrase_type))); |
1475 } | 1498 } |
1476 | 1499 |
1477 if (new_encrypt_everything && !encrypt_everything_) { | 1500 if (new_encrypt_everything && !encrypt_everything_) { |
1478 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); | 1501 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); |
1479 ReEncryptEverything(trans); | 1502 ReEncryptEverything(trans); |
1480 } else if (!cryptographer->CanDecryptUsingDefaultKey( | 1503 } else if (!cryptographer->CanDecryptUsingDefaultKey( |
1481 old_nigori.encryption_keybag())) { | 1504 old_nigori.encryption_keybag())) { |
1482 DVLOG(1) << "Rencrypting everything due to key rotation."; | 1505 DVLOG(1) << "Rencrypting everything due to key rotation."; |
1483 ReEncryptEverything(trans); | 1506 ReEncryptEverything(trans); |
1484 } | 1507 } |
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1633 SyncEncryptionHandler::Observer, observers_, | 1656 SyncEncryptionHandler::Observer, observers_, |
1634 OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1657 OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1635 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1658 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
1636 OnCryptographerStateChanged(cryptographer)); | 1659 OnCryptographerStateChanged(cryptographer)); |
1637 return true; | 1660 return true; |
1638 } | 1661 } |
1639 } | 1662 } |
1640 return false; | 1663 return false; |
1641 } | 1664 } |
1642 | 1665 |
1643 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime() const { | 1666 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime( |
1644 if (passphrase_type_ == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) | 1667 PassphraseType passphrase_type) const { |
| 1668 if (passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) |
1645 return migration_time(); | 1669 return migration_time(); |
1646 else if (passphrase_type_ == PassphraseType::CUSTOM_PASSPHRASE) | 1670 else if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE) |
1647 return custom_passphrase_time(); | 1671 return custom_passphrase_time(); |
1648 return base::Time(); | 1672 return base::Time(); |
1649 } | 1673 } |
1650 | 1674 |
1651 } // namespace syncer | 1675 } // namespace syncer |
OLD | NEW |