Supplimentary identifier for passwords specific

components/sync/core_impl/sync_encryption_handler_impl.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/sync/core_impl/sync_encryption_handler_impl.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <memory>
@@ skipping 177 matching lines @@
   if (!internal_list_value->GetString(number_of_keystore_keys - 1,
                                       current_keystore_key)) {
     return false;
   }
   old_keystore_keys->resize(number_of_keystore_keys - 1);
   for (int i = 0; i < number_of_keystore_keys - 1; ++i)
     internal_list_value->GetString(i, &(*old_keystore_keys)[i]);
   return true;
 }
 
+// If the user starts using custom passphrase, then unencrypted metadata fields
+// for the password entity should be cleared.
+sync_pb::PasswordSpecificsMetadata
+ProcessPasswordSpecificMetadataForExplicitPassphareUsers(
+    const sync_pb::PasswordSpecificsMetadata& password_metadata) {
+  return sync_pb::PasswordSpecificsMetadata();
+}
+
 }  // namespace
 
 SyncEncryptionHandlerImpl::Vault::Vault(Encryptor* encryptor,
                                         ModelTypeSet encrypted_types)
     : cryptographer(encryptor), encrypted_types(encrypted_types) {}
 
 SyncEncryptionHandlerImpl::Vault::~Vault() {}
 
 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl(
     UserShare* user_share,
@@ skipping 627 matching lines @@
   // Passwords are encrypted with their own legacy scheme.  Passwords are always
   // encrypted so we don't need to check GetEncryptedTypes() here.
   ReadNode passwords_root(trans);
   if (passwords_root.InitTypeRoot(PASSWORDS) == BaseNode::INIT_OK) {
     int64_t child_id = passwords_root.GetFirstChildId();
     while (child_id != kInvalidId) {
       WriteNode child(trans);
       if (child.InitByIdLookup(child_id) != BaseNode::INIT_OK)
         break;  // Possible if we failed to decrypt the data for some reason.
       child.SetPasswordSpecifics(child.GetPasswordSpecifics());
+      if (IsExplicitPassphrase(passphrase_type_)) {
+        child.SetPasswordSpecificsMetadata(

[Nicolas Zea, 2016/08/20 00:23:43]

It occurs to me that I don't think you need this. SetPasswordSpecifics above
should automatically clear this as necessary (see my comment in write_node.cc).
You'll need to make some changes to nigori_util.cc to make that happen.

[melandory, 2016/08/22 22:08:41]

Disclaimer. Text below is written with an assumption of following setup: 
* data is cleared in nigori_util, UpdateEntryWithEncryption
* in order to get encryption state we query NigoriHandler::GetEncryptedTypes and
if encrypted types equal to EncryptableUserTypes, then it is custom passphrase
user .

So there is one thing which bothers me in proposed approach (or at least about
implementation I described).

Information that if user has custom_passphrase when "encrypt everything" is true
is external to the UpdateEntryWithEncryption and I think currently there is no
tests which check that this hypothesis is always true.

I see several ways to solve this:
1. Pipe passphrase_type_ flag to UpdateEntryWithEncryption.
2. Keep clearing of data in sync_encryption_handler_impl.cc, where we have
explicit signal about passphrase type.
3. Do implementation as written in the paragraph above and try to come up with a
solution for testing that custom passphrase state == encrypt everything state.

WDYT?

+            ProcessPasswordSpecificMetadataForExplicitPassphareUsers(
+                child.GetPasswordSpecificsMetadata()));
+      }
       child_id = child.GetSuccessorId();
     }
   }
 
   DVLOG(1) << "Re-encrypt everything complete.";
 
   // NOTE: We notify from within a transaction.
   FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                     OnEncryptionComplete());
 }
@@ skipping 784 matching lines @@
 
 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime() const {
   if (passphrase_type_ == FROZEN_IMPLICIT_PASSPHRASE)
     return migration_time();
   else if (passphrase_type_ == CUSTOM_PASSPHRASE)
     return custom_passphrase_time();
   return base::Time();
 }
 
 }  // namespace syncer