OLD | NEW |
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" | 5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
188 } | 188 } |
189 old_keystore_keys->resize(number_of_keystore_keys - 1); | 189 old_keystore_keys->resize(number_of_keystore_keys - 1); |
190 for (int i = 0; i < number_of_keystore_keys - 1; ++i) | 190 for (int i = 0; i < number_of_keystore_keys - 1; ++i) |
191 internal_list_value->GetString(i, &(*old_keystore_keys)[i]); | 191 internal_list_value->GetString(i, &(*old_keystore_keys)[i]); |
192 return true; | 192 return true; |
193 } | 193 } |
194 | 194 |
195 } // namespace | 195 } // namespace |
196 | 196 |
197 SyncEncryptionHandlerImpl::Vault::Vault(Encryptor* encryptor, | 197 SyncEncryptionHandlerImpl::Vault::Vault(Encryptor* encryptor, |
198 ModelTypeSet encrypted_types) | 198 ModelTypeSet encrypted_types, |
199 : cryptographer(encryptor), encrypted_types(encrypted_types) {} | 199 PassphraseType passphrase_type) |
| 200 : cryptographer(encryptor), |
| 201 encrypted_types(encrypted_types), |
| 202 passphrase_type(passphrase_type) {} |
200 | 203 |
201 SyncEncryptionHandlerImpl::Vault::~Vault() {} | 204 SyncEncryptionHandlerImpl::Vault::~Vault() {} |
202 | 205 |
203 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl( | 206 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl( |
204 UserShare* user_share, | 207 UserShare* user_share, |
205 Encryptor* encryptor, | 208 Encryptor* encryptor, |
206 const std::string& restored_key_for_bootstrapping, | 209 const std::string& restored_key_for_bootstrapping, |
207 const std::string& restored_keystore_key_for_bootstrapping) | 210 const std::string& restored_keystore_key_for_bootstrapping) |
208 : user_share_(user_share), | 211 : user_share_(user_share), |
209 vault_unsafe_(encryptor, SensitiveTypes()), | 212 vault_unsafe_(encryptor, |
| 213 SensitiveTypes(), |
| 214 PassphraseType::IMPLICIT_PASSPHRASE), |
210 encrypt_everything_(false), | 215 encrypt_everything_(false), |
211 passphrase_type_(PassphraseType::IMPLICIT_PASSPHRASE), | |
212 nigori_overwrite_count_(0), | 216 nigori_overwrite_count_(0), |
213 weak_ptr_factory_(this) { | 217 weak_ptr_factory_(this) { |
214 // Restore the cryptographer's previous keys. Note that we don't add the | 218 // Restore the cryptographer's previous keys. Note that we don't add the |
215 // keystore keys into the cryptographer here, in case a migration was pending. | 219 // keystore keys into the cryptographer here, in case a migration was pending. |
216 vault_unsafe_.cryptographer.Bootstrap(restored_key_for_bootstrapping); | 220 vault_unsafe_.cryptographer.Bootstrap(restored_key_for_bootstrapping); |
217 | 221 |
218 // If this fails, we won't have a valid keystore key, and will simply request | 222 // If this fails, we won't have a valid keystore key, and will simply request |
219 // new ones from the server on the next DownloadUpdates. | 223 // new ones from the server on the next DownloadUpdates. |
220 UnpackKeystoreBootstrapToken(restored_keystore_key_for_bootstrapping, | 224 UnpackKeystoreBootstrapToken(restored_keystore_key_for_bootstrapping, |
221 encryptor, &old_keystore_keys_, &keystore_key_); | 225 encryptor, &old_keystore_keys_, &keystore_key_); |
(...skipping 19 matching lines...) Expand all Loading... |
241 WriteNode node(&trans); | 245 WriteNode node(&trans); |
242 | 246 |
243 if (node.InitTypeRoot(NIGORI) != BaseNode::INIT_OK) | 247 if (node.InitTypeRoot(NIGORI) != BaseNode::INIT_OK) |
244 return; | 248 return; |
245 if (!ApplyNigoriUpdateImpl(node.GetNigoriSpecifics(), | 249 if (!ApplyNigoriUpdateImpl(node.GetNigoriSpecifics(), |
246 trans.GetWrappedTrans())) { | 250 trans.GetWrappedTrans())) { |
247 WriteEncryptionStateToNigori(&trans); | 251 WriteEncryptionStateToNigori(&trans); |
248 } | 252 } |
249 | 253 |
250 UMA_HISTOGRAM_ENUMERATION( | 254 UMA_HISTOGRAM_ENUMERATION( |
251 "Sync.PassphraseType", static_cast<unsigned>(GetPassphraseType()), | 255 "Sync.PassphraseType", |
| 256 static_cast<unsigned>(GetPassphraseType(trans.GetWrappedTrans())), |
252 static_cast<unsigned>(PassphraseType::PASSPHRASE_TYPE_SIZE)); | 257 static_cast<unsigned>(PassphraseType::PASSPHRASE_TYPE_SIZE)); |
253 | 258 |
254 bool has_pending_keys = | 259 bool has_pending_keys = |
255 UnlockVault(trans.GetWrappedTrans()).cryptographer.has_pending_keys(); | 260 UnlockVault(trans.GetWrappedTrans()).cryptographer.has_pending_keys(); |
256 bool is_ready = UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready(); | 261 bool is_ready = UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready(); |
257 // Log the state of the cryptographer regardless of migration state. | 262 // Log the state of the cryptographer regardless of migration state. |
258 UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerReady", is_ready); | 263 UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerReady", is_ready); |
259 UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerPendingKeys", has_pending_keys); | 264 UMA_HISTOGRAM_BOOLEAN("Sync.CryptographerPendingKeys", has_pending_keys); |
260 if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics())) { | 265 if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics())) { |
261 // This account has a nigori node that has been migrated to support | 266 // This account has a nigori node that has been migrated to support |
262 // keystore. | 267 // keystore. |
263 UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", MIGRATED, | 268 UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", MIGRATED, |
264 MIGRATION_STATE_SIZE); | 269 MIGRATION_STATE_SIZE); |
265 if (has_pending_keys && | 270 if (has_pending_keys && |
266 passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE) { | 271 GetPassphraseType(trans.GetWrappedTrans()) == |
| 272 PassphraseType::KEYSTORE_PASSPHRASE) { |
267 // If this is happening, it means the keystore decryptor is either | 273 // If this is happening, it means the keystore decryptor is either |
268 // undecryptable with the available keystore keys or does not match the | 274 // undecryptable with the available keystore keys or does not match the |
269 // nigori keybag's encryption key. Otherwise we're simply missing the | 275 // nigori keybag's encryption key. Otherwise we're simply missing the |
270 // keystore key. | 276 // keystore key. |
271 UMA_HISTOGRAM_BOOLEAN("Sync.KeystoreDecryptionFailed", | 277 UMA_HISTOGRAM_BOOLEAN("Sync.KeystoreDecryptionFailed", |
272 !keystore_key_.empty()); | 278 !keystore_key_.empty()); |
273 } | 279 } |
274 } else if (!is_ready) { | 280 } else if (!is_ready) { |
275 // Migration cannot occur until the cryptographer is ready (initialized | 281 // Migration cannot occur until the cryptographer is ready (initialized |
276 // with GAIA password and any pending keys resolved). | 282 // with GAIA password and any pending keys resolved). |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
352 // logged as true. | 358 // logged as true. |
353 UMA_HISTOGRAM_BOOLEAN("Sync.CustomEncryption", true); | 359 UMA_HISTOGRAM_BOOLEAN("Sync.CustomEncryption", true); |
354 return; | 360 return; |
355 } | 361 } |
356 | 362 |
357 std::string bootstrap_token; | 363 std::string bootstrap_token; |
358 sync_pb::EncryptedData pending_keys; | 364 sync_pb::EncryptedData pending_keys; |
359 if (cryptographer->has_pending_keys()) | 365 if (cryptographer->has_pending_keys()) |
360 pending_keys = cryptographer->GetPendingKeys(); | 366 pending_keys = cryptographer->GetPendingKeys(); |
361 bool success = false; | 367 bool success = false; |
362 | 368 PassphraseType* passphrase_type = |
| 369 &UnlockVaultMutable(trans.GetWrappedTrans())->passphrase_type; |
363 // There are six cases to handle here: | 370 // There are six cases to handle here: |
364 // 1. The user has no pending keys and is setting their current GAIA password | 371 // 1. The user has no pending keys and is setting their current GAIA password |
365 // as the encryption passphrase. This happens either during first time sync | 372 // as the encryption passphrase. This happens either during first time sync |
366 // with a clean profile, or after re-authenticating on a profile that was | 373 // with a clean profile, or after re-authenticating on a profile that was |
367 // already signed in with the cryptographer ready. | 374 // already signed in with the cryptographer ready. |
368 // 2. The user has no pending keys, and is overwriting an (already provided) | 375 // 2. The user has no pending keys, and is overwriting an (already provided) |
369 // implicit passphrase with an explicit (custom) passphrase. | 376 // implicit passphrase with an explicit (custom) passphrase. |
370 // 3. The user has pending keys for an explicit passphrase that is somehow set | 377 // 3. The user has pending keys for an explicit passphrase that is somehow set |
371 // to their current GAIA passphrase. | 378 // to their current GAIA passphrase. |
372 // 4. The user has pending keys encrypted with their current GAIA passphrase | 379 // 4. The user has pending keys encrypted with their current GAIA passphrase |
373 // and the caller passes in the current GAIA passphrase. | 380 // and the caller passes in the current GAIA passphrase. |
374 // 5. The user has pending keys encrypted with an older GAIA passphrase | 381 // 5. The user has pending keys encrypted with an older GAIA passphrase |
375 // and the caller passes in the current GAIA passphrase. | 382 // and the caller passes in the current GAIA passphrase. |
376 // 6. The user has previously done encryption with an explicit passphrase. | 383 // 6. The user has previously done encryption with an explicit passphrase. |
377 // Furthermore, we enforce the fact that the bootstrap encryption token will | 384 // Furthermore, we enforce the fact that the bootstrap encryption token will |
378 // always be derived from the newest GAIA password if the account is using | 385 // always be derived from the newest GAIA password if the account is using |
379 // an implicit passphrase (even if the data is encrypted with an old GAIA | 386 // an implicit passphrase (even if the data is encrypted with an old GAIA |
380 // password). If the account is using an explicit (custom) passphrase, the | 387 // password). If the account is using an explicit (custom) passphrase, the |
381 // bootstrap token will be derived from the most recently provided explicit | 388 // bootstrap token will be derived from the most recently provided explicit |
382 // passphrase (that was able to decrypt the data). | 389 // passphrase (that was able to decrypt the data). |
383 if (!IsExplicitPassphrase(passphrase_type_)) { | 390 if (!IsExplicitPassphrase(*passphrase_type)) { |
384 if (!cryptographer->has_pending_keys()) { | 391 if (!cryptographer->has_pending_keys()) { |
385 if (cryptographer->AddKey(key_params)) { | 392 if (cryptographer->AddKey(key_params)) { |
386 // Case 1 and 2. We set a new GAIA passphrase when there are no pending | 393 // Case 1 and 2. We set a new GAIA passphrase when there are no pending |
387 // keys (1), or overwriting an implicit passphrase with a new explicit | 394 // keys (1), or overwriting an implicit passphrase with a new explicit |
388 // one (2) when there are no pending keys. | 395 // one (2) when there are no pending keys. |
389 if (is_explicit) { | 396 if (is_explicit) { |
390 DVLOG(1) << "Setting explicit passphrase for encryption."; | 397 DVLOG(1) << "Setting explicit passphrase for encryption."; |
391 passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE; | 398 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
392 custom_passphrase_time_ = base::Time::Now(); | 399 custom_passphrase_time_ = base::Time::Now(); |
393 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 400 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
394 OnPassphraseTypeChanged( | 401 OnPassphraseTypeChanged( |
395 passphrase_type_, GetExplicitPassphraseTime())); | 402 *passphrase_type, |
| 403 GetExplicitPassphraseTime(*passphrase_type))); |
396 } else { | 404 } else { |
397 DVLOG(1) << "Setting implicit passphrase for encryption."; | 405 DVLOG(1) << "Setting implicit passphrase for encryption."; |
398 } | 406 } |
399 cryptographer->GetBootstrapToken(&bootstrap_token); | 407 cryptographer->GetBootstrapToken(&bootstrap_token); |
400 | 408 |
401 // With M26, sync accounts can be in only one of two encryption states: | 409 // With M26, sync accounts can be in only one of two encryption states: |
402 // 1) Encrypt only passwords with an implicit passphrase. | 410 // 1) Encrypt only passwords with an implicit passphrase. |
403 // 2) Encrypt all sync datatypes with an explicit passphrase. | 411 // 2) Encrypt all sync datatypes with an explicit passphrase. |
404 // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms, | 412 // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms, |
405 // and keep track of an account's encryption state via the | 413 // and keep track of an account's encryption state via the |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
439 temp_cryptographer.GetBootstrapToken(&bootstrap_token); | 447 temp_cryptographer.GetBootstrapToken(&bootstrap_token); |
440 // We then set the new passphrase as the default passphrase of the | 448 // We then set the new passphrase as the default passphrase of the |
441 // real cryptographer, even though we have pending keys. This is safe, | 449 // real cryptographer, even though we have pending keys. This is safe, |
442 // as although Cryptographer::is_initialized() will now be true, | 450 // as although Cryptographer::is_initialized() will now be true, |
443 // is_ready() will remain false due to having pending keys. | 451 // is_ready() will remain false due to having pending keys. |
444 cryptographer->AddKey(key_params); | 452 cryptographer->AddKey(key_params); |
445 success = false; | 453 success = false; |
446 } | 454 } |
447 } // is_explicit | 455 } // is_explicit |
448 } // cryptographer->has_pending_keys() | 456 } // cryptographer->has_pending_keys() |
449 } else { // IsExplicitPassphrase(passphrase_type_) == true. | 457 } else { // IsExplicitPassphrase(passphrase_type) == true. |
450 // Case 6. We do not want to override a previously set explicit passphrase, | 458 // Case 6. We do not want to override a previously set explicit passphrase, |
451 // so we return a failure. | 459 // so we return a failure. |
452 DVLOG(1) << "Failing because an explicit passphrase is already set."; | 460 DVLOG(1) << "Failing because an explicit passphrase is already set."; |
453 success = false; | 461 success = false; |
454 } | 462 } |
455 | 463 |
456 DVLOG_IF(1, !success) | 464 DVLOG_IF(1, !success) |
457 << "Failure in SetEncryptionPassphrase; notifying and returning."; | 465 << "Failure in SetEncryptionPassphrase; notifying and returning."; |
458 DVLOG_IF(1, success) | 466 DVLOG_IF(1, success) |
459 << "Successfully set encryption passphrase; updating nigori and " | 467 << "Successfully set encryption passphrase; updating nigori and " |
(...skipping 19 matching lines...) Expand all Loading... |
479 NOTREACHED(); | 487 NOTREACHED(); |
480 return; | 488 return; |
481 } | 489 } |
482 | 490 |
483 // Once we've migrated to keystore, we're only ever decrypting keys derived | 491 // Once we've migrated to keystore, we're only ever decrypting keys derived |
484 // from an explicit passphrase. But, for clients without a keystore key yet | 492 // from an explicit passphrase. But, for clients without a keystore key yet |
485 // (either not on by default or failed to download one), we still support | 493 // (either not on by default or failed to download one), we still support |
486 // decrypting with a gaia passphrase, and therefore bypass the | 494 // decrypting with a gaia passphrase, and therefore bypass the |
487 // DecryptPendingKeysWithExplicitPassphrase logic. | 495 // DecryptPendingKeysWithExplicitPassphrase logic. |
488 if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics()) && | 496 if (IsNigoriMigratedToKeystore(node.GetNigoriSpecifics()) && |
489 IsExplicitPassphrase(passphrase_type_)) { | 497 IsExplicitPassphrase(GetPassphraseType(trans.GetWrappedTrans()))) { |
490 DecryptPendingKeysWithExplicitPassphrase(passphrase, &trans, &node); | 498 DecryptPendingKeysWithExplicitPassphrase(passphrase, &trans, &node); |
491 return; | 499 return; |
492 } | 500 } |
493 | 501 |
494 Cryptographer* cryptographer = | 502 Cryptographer* cryptographer = |
495 &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer; | 503 &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer; |
496 if (!cryptographer->has_pending_keys()) { | 504 if (!cryptographer->has_pending_keys()) { |
497 // Note that this *can* happen in a rare situation where data is | 505 // Note that this *can* happen in a rare situation where data is |
498 // re-encrypted on another client while a SetDecryptionPassphrase() call is | 506 // re-encrypted on another client while a SetDecryptionPassphrase() call is |
499 // in-flight on this client. It is rare enough that we choose to do nothing. | 507 // in-flight on this client. It is rare enough that we choose to do nothing. |
(...skipping 13 matching lines...) Expand all Loading... |
513 // passphrase, where the data is already encrypted with the newest GAIA | 521 // passphrase, where the data is already encrypted with the newest GAIA |
514 // password. | 522 // password. |
515 // 8. The user is providing an old GAIA password to decrypt the pending keys. | 523 // 8. The user is providing an old GAIA password to decrypt the pending keys. |
516 // In this case, the user is using an implicit passphrase, but has changed | 524 // In this case, the user is using an implicit passphrase, but has changed |
517 // their password since they last encrypted their data, and therefore | 525 // their password since they last encrypted their data, and therefore |
518 // their current GAIA password was unable to decrypt the data. This will | 526 // their current GAIA password was unable to decrypt the data. This will |
519 // happen when the user is setting up a new profile with a previously | 527 // happen when the user is setting up a new profile with a previously |
520 // encrypted account (after changing passwords). | 528 // encrypted account (after changing passwords). |
521 // 9. The user is providing a previously set explicit passphrase to decrypt | 529 // 9. The user is providing a previously set explicit passphrase to decrypt |
522 // the pending keys. | 530 // the pending keys. |
523 if (!IsExplicitPassphrase(passphrase_type_)) { | 531 if (!IsExplicitPassphrase(GetPassphraseType(trans.GetWrappedTrans()))) { |
524 if (cryptographer->is_initialized()) { | 532 if (cryptographer->is_initialized()) { |
525 // We only want to change the default encryption key to the pending | 533 // We only want to change the default encryption key to the pending |
526 // one if the pending keybag already contains the current default. | 534 // one if the pending keybag already contains the current default. |
527 // This covers the case where a different client re-encrypted | 535 // This covers the case where a different client re-encrypted |
528 // everything with a newer gaia passphrase (and hence the keybag | 536 // everything with a newer gaia passphrase (and hence the keybag |
529 // contains keys from all previously used gaia passphrases). | 537 // contains keys from all previously used gaia passphrases). |
530 // Otherwise, we're in a situation where the pending keys are | 538 // Otherwise, we're in a situation where the pending keys are |
531 // encrypted with an old gaia passphrase, while the default is the | 539 // encrypted with an old gaia passphrase, while the default is the |
532 // current gaia passphrase. In that case, we preserve the default. | 540 // current gaia passphrase. In that case, we preserve the default. |
533 Cryptographer temp_cryptographer(cryptographer->encryptor()); | 541 Cryptographer temp_cryptographer(cryptographer->encryptor()); |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
619 WriteEncryptionStateToNigori(&trans); | 627 WriteEncryptionStateToNigori(&trans); |
620 if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready()) | 628 if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready()) |
621 ReEncryptEverything(&trans); | 629 ReEncryptEverything(&trans); |
622 } | 630 } |
623 | 631 |
624 bool SyncEncryptionHandlerImpl::IsEncryptEverythingEnabled() const { | 632 bool SyncEncryptionHandlerImpl::IsEncryptEverythingEnabled() const { |
625 DCHECK(thread_checker_.CalledOnValidThread()); | 633 DCHECK(thread_checker_.CalledOnValidThread()); |
626 return encrypt_everything_; | 634 return encrypt_everything_; |
627 } | 635 } |
628 | 636 |
629 PassphraseType SyncEncryptionHandlerImpl::GetPassphraseType() const { | |
630 DCHECK(thread_checker_.CalledOnValidThread()); | |
631 return passphrase_type_; | |
632 } | |
633 | |
634 // Note: this is called from within a syncable transaction, so we need to post | 637 // Note: this is called from within a syncable transaction, so we need to post |
635 // tasks if we want to do any work that creates a new sync_api transaction. | 638 // tasks if we want to do any work that creates a new sync_api transaction. |
636 void SyncEncryptionHandlerImpl::ApplyNigoriUpdate( | 639 void SyncEncryptionHandlerImpl::ApplyNigoriUpdate( |
637 const sync_pb::NigoriSpecifics& nigori, | 640 const sync_pb::NigoriSpecifics& nigori, |
638 syncable::BaseTransaction* const trans) { | 641 syncable::BaseTransaction* const trans) { |
639 DCHECK(thread_checker_.CalledOnValidThread()); | 642 DCHECK(thread_checker_.CalledOnValidThread()); |
640 DCHECK(trans); | 643 DCHECK(trans); |
641 if (!ApplyNigoriUpdateImpl(nigori, trans)) { | 644 if (!ApplyNigoriUpdateImpl(nigori, trans)) { |
642 base::ThreadTaskRunnerHandle::Get()->PostTask( | 645 base::ThreadTaskRunnerHandle::Get()->PostTask( |
643 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, | 646 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
710 !nigori.keystore_decryptor_token().blob().empty()) { | 713 !nigori.keystore_decryptor_token().blob().empty()) { |
711 // If the nigori is already migrated and we have pending keys, we might | 714 // If the nigori is already migrated and we have pending keys, we might |
712 // be able to decrypt them using either the keystore decryptor token | 715 // be able to decrypt them using either the keystore decryptor token |
713 // or the existing keystore keys. | 716 // or the existing keystore keys. |
714 DecryptPendingKeysWithKeystoreKey( | 717 DecryptPendingKeysWithKeystoreKey( |
715 keystore_key_, nigori.keystore_decryptor_token(), cryptographer); | 718 keystore_key_, nigori.keystore_decryptor_token(), cryptographer); |
716 } | 719 } |
717 | 720 |
718 // Note that triggering migration will have no effect if we're already | 721 // Note that triggering migration will have no effect if we're already |
719 // properly migrated with the newest keystore keys. | 722 // properly migrated with the newest keystore keys. |
720 if (ShouldTriggerMigration(nigori, *cryptographer)) { | 723 if (ShouldTriggerMigration(nigori, *cryptographer, |
| 724 GetPassphraseType(trans))) { |
721 base::ThreadTaskRunnerHandle::Get()->PostTask( | 725 base::ThreadTaskRunnerHandle::Get()->PostTask( |
722 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, | 726 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, |
723 weak_ptr_factory_.GetWeakPtr())); | 727 weak_ptr_factory_.GetWeakPtr())); |
724 } | 728 } |
725 | 729 |
726 return true; | 730 return true; |
727 } | 731 } |
728 | 732 |
729 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypes( | 733 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypes( |
730 syncable::BaseTransaction* const trans) const { | 734 syncable::BaseTransaction* const trans) const { |
731 return UnlockVault(trans).encrypted_types; | 735 return UnlockVault(trans).encrypted_types; |
732 } | 736 } |
733 | 737 |
| 738 PassphraseType SyncEncryptionHandlerImpl::GetPassphraseType( |
| 739 syncable::BaseTransaction* const trans) const { |
| 740 return UnlockVault(trans).passphrase_type; |
| 741 } |
| 742 |
734 Cryptographer* SyncEncryptionHandlerImpl::GetCryptographerUnsafe() { | 743 Cryptographer* SyncEncryptionHandlerImpl::GetCryptographerUnsafe() { |
735 DCHECK(thread_checker_.CalledOnValidThread()); | 744 DCHECK(thread_checker_.CalledOnValidThread()); |
736 return &vault_unsafe_.cryptographer; | 745 return &vault_unsafe_.cryptographer; |
737 } | 746 } |
738 | 747 |
739 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypesUnsafe() { | 748 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypesUnsafe() { |
740 DCHECK(thread_checker_.CalledOnValidThread()); | 749 DCHECK(thread_checker_.CalledOnValidThread()); |
741 return vault_unsafe_.encrypted_types; | 750 return vault_unsafe_.encrypted_types; |
742 } | 751 } |
743 | 752 |
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
857 syncable::BaseTransaction* const trans) { | 866 syncable::BaseTransaction* const trans) { |
858 DCHECK(thread_checker_.CalledOnValidThread()); | 867 DCHECK(thread_checker_.CalledOnValidThread()); |
859 DVLOG(1) << "Applying nigori node update."; | 868 DVLOG(1) << "Applying nigori node update."; |
860 bool nigori_types_need_update = | 869 bool nigori_types_need_update = |
861 !UpdateEncryptedTypesFromNigori(nigori, trans); | 870 !UpdateEncryptedTypesFromNigori(nigori, trans); |
862 | 871 |
863 if (nigori.custom_passphrase_time() != 0) { | 872 if (nigori.custom_passphrase_time() != 0) { |
864 custom_passphrase_time_ = ProtoTimeToTime(nigori.custom_passphrase_time()); | 873 custom_passphrase_time_ = ProtoTimeToTime(nigori.custom_passphrase_time()); |
865 } | 874 } |
866 bool is_nigori_migrated = IsNigoriMigratedToKeystore(nigori); | 875 bool is_nigori_migrated = IsNigoriMigratedToKeystore(nigori); |
| 876 PassphraseType* passphrase_type = &UnlockVaultMutable(trans)->passphrase_type; |
867 if (is_nigori_migrated) { | 877 if (is_nigori_migrated) { |
868 migration_time_ = ProtoTimeToTime(nigori.keystore_migration_time()); | 878 migration_time_ = ProtoTimeToTime(nigori.keystore_migration_time()); |
869 PassphraseType nigori_passphrase_type = | 879 PassphraseType nigori_passphrase_type = |
870 ProtoPassphraseTypeToEnum(nigori.passphrase_type()); | 880 ProtoPassphraseTypeToEnum(nigori.passphrase_type()); |
871 | 881 |
872 // Only update the local passphrase state if it's a valid transition: | 882 // Only update the local passphrase state if it's a valid transition: |
873 // - implicit -> keystore | 883 // - implicit -> keystore |
874 // - implicit -> frozen implicit | 884 // - implicit -> frozen implicit |
875 // - implicit -> custom | 885 // - implicit -> custom |
876 // - keystore -> custom | 886 // - keystore -> custom |
877 // Note: frozen implicit -> custom is not technically a valid transition, | 887 // Note: frozen implicit -> custom is not technically a valid transition, |
878 // but we let it through here as well in case future versions do add support | 888 // but we let it through here as well in case future versions do add support |
879 // for this transition. | 889 // for this transition. |
880 if (passphrase_type_ != nigori_passphrase_type && | 890 if (*passphrase_type != nigori_passphrase_type && |
881 nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE && | 891 nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE && |
882 (passphrase_type_ == PassphraseType::IMPLICIT_PASSPHRASE || | 892 (*passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE || |
883 nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) { | 893 nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) { |
884 DVLOG(1) << "Changing passphrase state from " | 894 DVLOG(1) << "Changing passphrase state from " |
885 << PassphraseTypeToString(passphrase_type_) << " to " | 895 << PassphraseTypeToString(*passphrase_type) << " to " |
886 << PassphraseTypeToString(nigori_passphrase_type); | 896 << PassphraseTypeToString(nigori_passphrase_type); |
887 passphrase_type_ = nigori_passphrase_type; | 897 *passphrase_type = nigori_passphrase_type; |
888 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 898 FOR_EACH_OBSERVER( |
889 OnPassphraseTypeChanged(passphrase_type_, | 899 SyncEncryptionHandler::Observer, observers_, |
890 GetExplicitPassphraseTime())); | 900 OnPassphraseTypeChanged(*passphrase_type, |
| 901 GetExplicitPassphraseTime(*passphrase_type))); |
891 } | 902 } |
892 if (passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE && | 903 if (*passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE && |
893 encrypt_everything_) { | 904 encrypt_everything_) { |
894 // This is the case where another client that didn't support keystore | 905 // This is the case where another client that didn't support keystore |
895 // encryption attempted to enable full encryption. We detect it | 906 // encryption attempted to enable full encryption. We detect it |
896 // and switch the passphrase type to frozen implicit passphrase instead | 907 // and switch the passphrase type to frozen implicit passphrase instead |
897 // due to full encryption not being compatible with keystore passphrase. | 908 // due to full encryption not being compatible with keystore passphrase. |
898 // Because the local passphrase type will not match the nigori passphrase | 909 // Because the local passphrase type will not match the nigori passphrase |
899 // type, we will trigger a rewrite and subsequently a re-migration. | 910 // type, we will trigger a rewrite and subsequently a re-migration. |
900 DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE " | 911 DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE " |
901 << "due to full encryption."; | 912 << "due to full encryption."; |
902 passphrase_type_ = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; | 913 *passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; |
903 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 914 FOR_EACH_OBSERVER( |
904 OnPassphraseTypeChanged(passphrase_type_, | 915 SyncEncryptionHandler::Observer, observers_, |
905 GetExplicitPassphraseTime())); | 916 OnPassphraseTypeChanged(*passphrase_type, |
| 917 GetExplicitPassphraseTime(*passphrase_type))); |
906 } | 918 } |
907 } else { | 919 } else { |
908 // It's possible that while we're waiting for migration a client that does | 920 // It's possible that while we're waiting for migration a client that does |
909 // not have keystore encryption enabled switches to a custom passphrase. | 921 // not have keystore encryption enabled switches to a custom passphrase. |
910 if (nigori.keybag_is_frozen() && | 922 if (nigori.keybag_is_frozen() && |
911 passphrase_type_ != PassphraseType::CUSTOM_PASSPHRASE) { | 923 *passphrase_type != PassphraseType::CUSTOM_PASSPHRASE) { |
912 passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE; | 924 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
913 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 925 FOR_EACH_OBSERVER( |
914 OnPassphraseTypeChanged(passphrase_type_, | 926 SyncEncryptionHandler::Observer, observers_, |
915 GetExplicitPassphraseTime())); | 927 OnPassphraseTypeChanged(*passphrase_type, |
| 928 GetExplicitPassphraseTime(*passphrase_type))); |
916 } | 929 } |
917 } | 930 } |
918 | 931 |
919 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; | 932 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; |
920 bool nigori_needs_new_keys = false; | 933 bool nigori_needs_new_keys = false; |
921 if (!nigori.encryption_keybag().blob().empty()) { | 934 if (!nigori.encryption_keybag().blob().empty()) { |
922 // We only update the default key if this was a new explicit passphrase. | 935 // We only update the default key if this was a new explicit passphrase. |
923 // Else, since it was decryptable, it must not have been a new key. | 936 // Else, since it was decryptable, it must not have been a new key. |
924 bool need_new_default_key = false; | 937 bool need_new_default_key = false; |
925 if (is_nigori_migrated) { | 938 if (is_nigori_migrated) { |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
972 FOR_EACH_OBSERVER( | 985 FOR_EACH_OBSERVER( |
973 SyncEncryptionHandler::Observer, observers_, | 986 SyncEncryptionHandler::Observer, observers_, |
974 OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData())); | 987 OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData())); |
975 } | 988 } |
976 | 989 |
977 // Check if the current local encryption state is stricter/newer than the | 990 // Check if the current local encryption state is stricter/newer than the |
978 // nigori state. If so, we need to overwrite the nigori node with the local | 991 // nigori state. If so, we need to overwrite the nigori node with the local |
979 // state. | 992 // state. |
980 bool passphrase_type_matches = true; | 993 bool passphrase_type_matches = true; |
981 if (!is_nigori_migrated) { | 994 if (!is_nigori_migrated) { |
982 DCHECK(passphrase_type_ == PassphraseType::CUSTOM_PASSPHRASE || | 995 DCHECK(*passphrase_type == PassphraseType::CUSTOM_PASSPHRASE || |
983 passphrase_type_ == PassphraseType::IMPLICIT_PASSPHRASE); | 996 *passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE); |
984 passphrase_type_matches = | 997 passphrase_type_matches = |
985 nigori.keybag_is_frozen() == IsExplicitPassphrase(passphrase_type_); | 998 nigori.keybag_is_frozen() == IsExplicitPassphrase(*passphrase_type); |
986 } else { | 999 } else { |
987 passphrase_type_matches = | 1000 passphrase_type_matches = |
988 (ProtoPassphraseTypeToEnum(nigori.passphrase_type()) == | 1001 (ProtoPassphraseTypeToEnum(nigori.passphrase_type()) == |
989 passphrase_type_); | 1002 *passphrase_type); |
990 } | 1003 } |
991 if (!passphrase_type_matches || | 1004 if (!passphrase_type_matches || |
992 nigori.encrypt_everything() != encrypt_everything_ || | 1005 nigori.encrypt_everything() != encrypt_everything_ || |
993 nigori_types_need_update || nigori_needs_new_keys) { | 1006 nigori_types_need_update || nigori_needs_new_keys) { |
994 DVLOG(1) << "Triggering nigori rewrite."; | 1007 DVLOG(1) << "Triggering nigori rewrite."; |
995 return false; | 1008 return false; |
996 } | 1009 } |
997 return true; | 1010 return true; |
998 } | 1011 } |
999 | 1012 |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1094 } | 1107 } |
1095 | 1108 |
1096 void SyncEncryptionHandlerImpl::SetCustomPassphrase( | 1109 void SyncEncryptionHandlerImpl::SetCustomPassphrase( |
1097 const std::string& passphrase, | 1110 const std::string& passphrase, |
1098 WriteTransaction* trans, | 1111 WriteTransaction* trans, |
1099 WriteNode* nigori_node) { | 1112 WriteNode* nigori_node) { |
1100 DCHECK(thread_checker_.CalledOnValidThread()); | 1113 DCHECK(thread_checker_.CalledOnValidThread()); |
1101 DCHECK(IsNigoriMigratedToKeystore(nigori_node->GetNigoriSpecifics())); | 1114 DCHECK(IsNigoriMigratedToKeystore(nigori_node->GetNigoriSpecifics())); |
1102 KeyParams key_params = {"localhost", "dummy", passphrase}; | 1115 KeyParams key_params = {"localhost", "dummy", passphrase}; |
1103 | 1116 |
1104 if (passphrase_type_ != PassphraseType::KEYSTORE_PASSPHRASE) { | 1117 if (GetPassphraseType(trans->GetWrappedTrans()) != |
| 1118 PassphraseType::KEYSTORE_PASSPHRASE) { |
1105 DVLOG(1) << "Failing to set a custom passphrase because one has already " | 1119 DVLOG(1) << "Failing to set a custom passphrase because one has already " |
1106 << "been set."; | 1120 << "been set."; |
1107 FinishSetPassphrase(false, std::string(), trans, nigori_node); | 1121 FinishSetPassphrase(false, std::string(), trans, nigori_node); |
1108 return; | 1122 return; |
1109 } | 1123 } |
1110 | 1124 |
1111 Cryptographer* cryptographer = | 1125 Cryptographer* cryptographer = |
1112 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; | 1126 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; |
1113 if (cryptographer->has_pending_keys()) { | 1127 if (cryptographer->has_pending_keys()) { |
1114 // This theoretically shouldn't happen, because the only way to have pending | 1128 // This theoretically shouldn't happen, because the only way to have pending |
1115 // keys after migrating to keystore support is if a custom passphrase was | 1129 // keys after migrating to keystore support is if a custom passphrase was |
1116 // set, which should update passpshrase_state_ and should be caught by the | 1130 // set, which should update passpshrase_state_ and should be caught by the |
1117 // if statement above. For the sake of safety though, we check for it in | 1131 // if statement above. For the sake of safety though, we check for it in |
1118 // case a client is misbehaving. | 1132 // case a client is misbehaving. |
1119 LOG(ERROR) << "Failing to set custom passphrase because of pending keys."; | 1133 LOG(ERROR) << "Failing to set custom passphrase because of pending keys."; |
1120 FinishSetPassphrase(false, std::string(), trans, nigori_node); | 1134 FinishSetPassphrase(false, std::string(), trans, nigori_node); |
1121 return; | 1135 return; |
1122 } | 1136 } |
1123 | 1137 |
1124 std::string bootstrap_token; | 1138 std::string bootstrap_token; |
1125 if (!cryptographer->AddKey(key_params)) { | 1139 if (!cryptographer->AddKey(key_params)) { |
1126 NOTREACHED() << "Failed to add key to cryptographer."; | 1140 NOTREACHED() << "Failed to add key to cryptographer."; |
1127 return; | 1141 return; |
1128 } | 1142 } |
1129 | 1143 |
1130 DVLOG(1) << "Setting custom passphrase."; | 1144 DVLOG(1) << "Setting custom passphrase."; |
1131 cryptographer->GetBootstrapToken(&bootstrap_token); | 1145 cryptographer->GetBootstrapToken(&bootstrap_token); |
1132 passphrase_type_ = PassphraseType::CUSTOM_PASSPHRASE; | 1146 PassphraseType* passphrase_type = |
| 1147 &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type; |
| 1148 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
1133 custom_passphrase_time_ = base::Time::Now(); | 1149 custom_passphrase_time_ = base::Time::Now(); |
1134 FOR_EACH_OBSERVER( | 1150 FOR_EACH_OBSERVER( |
1135 SyncEncryptionHandler::Observer, observers_, | 1151 SyncEncryptionHandler::Observer, observers_, |
1136 OnPassphraseTypeChanged(passphrase_type_, GetExplicitPassphraseTime())); | 1152 OnPassphraseTypeChanged(*passphrase_type, |
| 1153 GetExplicitPassphraseTime(*passphrase_type))); |
1137 FinishSetPassphrase(true, bootstrap_token, trans, nigori_node); | 1154 FinishSetPassphrase(true, bootstrap_token, trans, nigori_node); |
1138 } | 1155 } |
1139 | 1156 |
1140 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase( | 1157 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase( |
1141 WriteTransaction* trans) { | 1158 WriteTransaction* trans) { |
1142 WriteNode nigori_node(trans); | 1159 WriteNode nigori_node(trans); |
1143 BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI); | 1160 BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI); |
1144 DCHECK_EQ(init_result, BaseNode::INIT_OK); | 1161 DCHECK_EQ(init_result, BaseNode::INIT_OK); |
1145 NigoriState nigori_state; | 1162 NigoriState nigori_state; |
1146 nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics(); | 1163 nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics(); |
1147 DCHECK(nigori_state.nigori_specifics.passphrase_type() == | 1164 DCHECK(nigori_state.nigori_specifics.passphrase_type() == |
1148 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE || | 1165 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE || |
1149 nigori_state.nigori_specifics.passphrase_type() == | 1166 nigori_state.nigori_specifics.passphrase_type() == |
1150 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); | 1167 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); |
1151 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1168 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
1152 OnLocalSetPassphraseEncryption(nigori_state)); | 1169 OnLocalSetPassphraseEncryption(nigori_state)); |
1153 } | 1170 } |
1154 | 1171 |
1155 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase( | 1172 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase( |
1156 const std::string& passphrase, | 1173 const std::string& passphrase, |
1157 WriteTransaction* trans, | 1174 WriteTransaction* trans, |
1158 WriteNode* nigori_node) { | 1175 WriteNode* nigori_node) { |
1159 DCHECK(thread_checker_.CalledOnValidThread()); | 1176 DCHECK(thread_checker_.CalledOnValidThread()); |
1160 DCHECK(IsExplicitPassphrase(passphrase_type_)); | 1177 DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1161 KeyParams key_params = {"localhost", "dummy", passphrase}; | 1178 KeyParams key_params = {"localhost", "dummy", passphrase}; |
1162 | 1179 |
1163 Cryptographer* cryptographer = | 1180 Cryptographer* cryptographer = |
1164 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; | 1181 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; |
1165 if (!cryptographer->has_pending_keys()) { | 1182 if (!cryptographer->has_pending_keys()) { |
1166 // Note that this *can* happen in a rare situation where data is | 1183 // Note that this *can* happen in a rare situation where data is |
1167 // re-encrypted on another client while a SetDecryptionPassphrase() call is | 1184 // re-encrypted on another client while a SetDecryptionPassphrase() call is |
1168 // in-flight on this client. It is rare enough that we choose to do nothing. | 1185 // in-flight on this client. It is rare enough that we choose to do nothing. |
1169 NOTREACHED() << "Attempt to set decryption passphrase failed because there " | 1186 NOTREACHED() << "Attempt to set decryption passphrase failed because there " |
1170 << "were no pending keys."; | 1187 << "were no pending keys."; |
1171 return; | 1188 return; |
1172 } | 1189 } |
1173 | 1190 |
1174 DCHECK(IsExplicitPassphrase(passphrase_type_)); | 1191 DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1175 bool success = false; | 1192 bool success = false; |
1176 std::string bootstrap_token; | 1193 std::string bootstrap_token; |
1177 if (cryptographer->DecryptPendingKeys(key_params)) { | 1194 if (cryptographer->DecryptPendingKeys(key_params)) { |
1178 DVLOG(1) << "Explicit passphrase accepted for decryption."; | 1195 DVLOG(1) << "Explicit passphrase accepted for decryption."; |
1179 cryptographer->GetBootstrapToken(&bootstrap_token); | 1196 cryptographer->GetBootstrapToken(&bootstrap_token); |
1180 success = true; | 1197 success = true; |
1181 } else { | 1198 } else { |
1182 DVLOG(1) << "Explicit passphrase failed to decrypt."; | 1199 DVLOG(1) << "Explicit passphrase failed to decrypt."; |
1183 success = false; | 1200 success = false; |
1184 } | 1201 } |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1236 // (in otherwords, if ShouldTriggerMigration is false). | 1253 // (in otherwords, if ShouldTriggerMigration is false). |
1237 // Otherwise will update the nigori node with the current migrated state, | 1254 // Otherwise will update the nigori node with the current migrated state, |
1238 // writing all encryption state as it does. | 1255 // writing all encryption state as it does. |
1239 if (!AttemptToMigrateNigoriToKeystore(trans, nigori_node)) { | 1256 if (!AttemptToMigrateNigoriToKeystore(trans, nigori_node)) { |
1240 sync_pb::NigoriSpecifics nigori(nigori_node->GetNigoriSpecifics()); | 1257 sync_pb::NigoriSpecifics nigori(nigori_node->GetNigoriSpecifics()); |
1241 // Does not modify nigori.encryption_keybag() if the original decrypted | 1258 // Does not modify nigori.encryption_keybag() if the original decrypted |
1242 // data was the same. | 1259 // data was the same. |
1243 if (!cryptographer.GetKeys(nigori.mutable_encryption_keybag())) | 1260 if (!cryptographer.GetKeys(nigori.mutable_encryption_keybag())) |
1244 NOTREACHED(); | 1261 NOTREACHED(); |
1245 if (IsNigoriMigratedToKeystore(nigori)) { | 1262 if (IsNigoriMigratedToKeystore(nigori)) { |
1246 DCHECK(keystore_key_.empty() || IsExplicitPassphrase(passphrase_type_)); | 1263 DCHECK(keystore_key_.empty() || |
| 1264 IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1247 DVLOG(1) << "Leaving nigori migration state untouched after setting" | 1265 DVLOG(1) << "Leaving nigori migration state untouched after setting" |
1248 << " passphrase."; | 1266 << " passphrase."; |
1249 } else { | 1267 } else { |
1250 nigori.set_keybag_is_frozen(IsExplicitPassphrase(passphrase_type_)); | 1268 nigori.set_keybag_is_frozen( |
| 1269 IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1251 } | 1270 } |
1252 // If we set a new custom passphrase, store the timestamp. | 1271 // If we set a new custom passphrase, store the timestamp. |
1253 if (!custom_passphrase_time_.is_null()) { | 1272 if (!custom_passphrase_time_.is_null()) { |
1254 nigori.set_custom_passphrase_time( | 1273 nigori.set_custom_passphrase_time( |
1255 TimeToProtoTime(custom_passphrase_time_)); | 1274 TimeToProtoTime(custom_passphrase_time_)); |
1256 } | 1275 } |
1257 nigori_node->SetNigoriSpecifics(nigori); | 1276 nigori_node->SetNigoriSpecifics(nigori); |
1258 } | 1277 } |
1259 | 1278 |
1260 // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS | 1279 // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1292 } | 1311 } |
1293 | 1312 |
1294 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( | 1313 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( |
1295 syncable::BaseTransaction* const trans) const { | 1314 syncable::BaseTransaction* const trans) const { |
1296 DCHECK_EQ(user_share_->directory.get(), trans->directory()); | 1315 DCHECK_EQ(user_share_->directory.get(), trans->directory()); |
1297 return vault_unsafe_; | 1316 return vault_unsafe_; |
1298 } | 1317 } |
1299 | 1318 |
1300 bool SyncEncryptionHandlerImpl::ShouldTriggerMigration( | 1319 bool SyncEncryptionHandlerImpl::ShouldTriggerMigration( |
1301 const sync_pb::NigoriSpecifics& nigori, | 1320 const sync_pb::NigoriSpecifics& nigori, |
1302 const Cryptographer& cryptographer) const { | 1321 const Cryptographer& cryptographer, |
| 1322 PassphraseType passphrase_type) const { |
1303 DCHECK(thread_checker_.CalledOnValidThread()); | 1323 DCHECK(thread_checker_.CalledOnValidThread()); |
1304 // Don't migrate if there are pending encryption keys (because data | 1324 // Don't migrate if there are pending encryption keys (because data |
1305 // encrypted with the pending keys will not be decryptable). | 1325 // encrypted with the pending keys will not be decryptable). |
1306 if (cryptographer.has_pending_keys()) | 1326 if (cryptographer.has_pending_keys()) |
1307 return false; | 1327 return false; |
1308 if (IsNigoriMigratedToKeystore(nigori)) { | 1328 if (IsNigoriMigratedToKeystore(nigori)) { |
1309 // If the nigori is already migrated but does not reflect the explicit | 1329 // If the nigori is already migrated but does not reflect the explicit |
1310 // passphrase state, remigrate. Similarly, if the nigori has an explicit | 1330 // passphrase state, remigrate. Similarly, if the nigori has an explicit |
1311 // passphrase but does not have full encryption, or the nigori has an | 1331 // passphrase but does not have full encryption, or the nigori has an |
1312 // implicit passphrase but does have full encryption, re-migrate. | 1332 // implicit passphrase but does have full encryption, re-migrate. |
1313 // Note that this is to defend against other clients without keystore | 1333 // Note that this is to defend against other clients without keystore |
1314 // encryption enabled transitioning to states that are no longer valid. | 1334 // encryption enabled transitioning to states that are no longer valid. |
1315 if (passphrase_type_ != PassphraseType::KEYSTORE_PASSPHRASE && | 1335 if (passphrase_type != PassphraseType::KEYSTORE_PASSPHRASE && |
1316 nigori.passphrase_type() == | 1336 nigori.passphrase_type() == |
1317 sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE) { | 1337 sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE) { |
1318 return true; | 1338 return true; |
1319 } else if (IsExplicitPassphrase(passphrase_type_) && !encrypt_everything_) { | 1339 } else if (IsExplicitPassphrase(passphrase_type) && !encrypt_everything_) { |
1320 return true; | 1340 return true; |
1321 } else if (passphrase_type_ == PassphraseType::KEYSTORE_PASSPHRASE && | 1341 } else if (passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE && |
1322 encrypt_everything_) { | 1342 encrypt_everything_) { |
1323 return true; | 1343 return true; |
1324 } else if (cryptographer.is_ready() && | 1344 } else if (cryptographer.is_ready() && |
1325 !cryptographer.CanDecryptUsingDefaultKey( | 1345 !cryptographer.CanDecryptUsingDefaultKey( |
1326 nigori.encryption_keybag())) { | 1346 nigori.encryption_keybag())) { |
1327 // We need to overwrite the keybag. This might involve overwriting the | 1347 // We need to overwrite the keybag. This might involve overwriting the |
1328 // keystore decryptor too. | 1348 // keystore decryptor too. |
1329 return true; | 1349 return true; |
1330 } else if (old_keystore_keys_.size() > 0 && !keystore_key_.empty()) { | 1350 } else if (old_keystore_keys_.size() > 0 && !keystore_key_.empty()) { |
1331 // Check to see if a server key rotation has happened, but the nigori | 1351 // Check to see if a server key rotation has happened, but the nigori |
(...skipping 21 matching lines...) Expand all Loading... |
1353 } | 1373 } |
1354 | 1374 |
1355 bool SyncEncryptionHandlerImpl::AttemptToMigrateNigoriToKeystore( | 1375 bool SyncEncryptionHandlerImpl::AttemptToMigrateNigoriToKeystore( |
1356 WriteTransaction* trans, | 1376 WriteTransaction* trans, |
1357 WriteNode* nigori_node) { | 1377 WriteNode* nigori_node) { |
1358 DCHECK(thread_checker_.CalledOnValidThread()); | 1378 DCHECK(thread_checker_.CalledOnValidThread()); |
1359 const sync_pb::NigoriSpecifics& old_nigori = | 1379 const sync_pb::NigoriSpecifics& old_nigori = |
1360 nigori_node->GetNigoriSpecifics(); | 1380 nigori_node->GetNigoriSpecifics(); |
1361 Cryptographer* cryptographer = | 1381 Cryptographer* cryptographer = |
1362 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; | 1382 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer; |
1363 | 1383 PassphraseType* passphrase_type = |
1364 if (!ShouldTriggerMigration(old_nigori, *cryptographer)) | 1384 &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type; |
| 1385 if (!ShouldTriggerMigration(old_nigori, *cryptographer, *passphrase_type)) |
1365 return false; | 1386 return false; |
1366 | 1387 |
1367 DVLOG(1) << "Starting nigori migration to keystore support."; | 1388 DVLOG(1) << "Starting nigori migration to keystore support."; |
1368 sync_pb::NigoriSpecifics migrated_nigori(old_nigori); | 1389 sync_pb::NigoriSpecifics migrated_nigori(old_nigori); |
1369 | 1390 |
1370 PassphraseType new_passphrase_type = passphrase_type_; | 1391 PassphraseType new_passphrase_type = |
| 1392 GetPassphraseType(trans->GetWrappedTrans()); |
1371 bool new_encrypt_everything = encrypt_everything_; | 1393 bool new_encrypt_everything = encrypt_everything_; |
1372 if (encrypt_everything_ && !IsExplicitPassphrase(passphrase_type_)) { | 1394 if (encrypt_everything_ && !IsExplicitPassphrase(*passphrase_type)) { |
1373 DVLOG(1) << "Switching to frozen implicit passphrase due to already having " | 1395 DVLOG(1) << "Switching to frozen implicit passphrase due to already having " |
1374 << "full encryption."; | 1396 << "full encryption."; |
1375 new_passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; | 1397 new_passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; |
1376 migrated_nigori.clear_keystore_decryptor_token(); | 1398 migrated_nigori.clear_keystore_decryptor_token(); |
1377 } else if (IsExplicitPassphrase(passphrase_type_)) { | 1399 } else if (IsExplicitPassphrase(*passphrase_type)) { |
1378 DVLOG_IF(1, !encrypt_everything_) << "Enabling encrypt everything due to " | 1400 DVLOG_IF(1, !encrypt_everything_) << "Enabling encrypt everything due to " |
1379 << "explicit passphrase"; | 1401 << "explicit passphrase"; |
1380 new_encrypt_everything = true; | 1402 new_encrypt_everything = true; |
1381 migrated_nigori.clear_keystore_decryptor_token(); | 1403 migrated_nigori.clear_keystore_decryptor_token(); |
1382 } else { | 1404 } else { |
1383 DCHECK(!encrypt_everything_); | 1405 DCHECK(!encrypt_everything_); |
1384 new_passphrase_type = PassphraseType::KEYSTORE_PASSPHRASE; | 1406 new_passphrase_type = PassphraseType::KEYSTORE_PASSPHRASE; |
1385 DVLOG(1) << "Switching to keystore passphrase state."; | 1407 DVLOG(1) << "Switching to keystore passphrase state."; |
1386 } | 1408 } |
1387 migrated_nigori.set_encrypt_everything(new_encrypt_everything); | 1409 migrated_nigori.set_encrypt_everything(new_encrypt_everything); |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1459 migration_time_ = base::Time::Now(); | 1481 migration_time_ = base::Time::Now(); |
1460 migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_)); | 1482 migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_)); |
1461 | 1483 |
1462 if (!custom_passphrase_time_.is_null()) { | 1484 if (!custom_passphrase_time_.is_null()) { |
1463 migrated_nigori.set_custom_passphrase_time( | 1485 migrated_nigori.set_custom_passphrase_time( |
1464 TimeToProtoTime(custom_passphrase_time_)); | 1486 TimeToProtoTime(custom_passphrase_time_)); |
1465 } | 1487 } |
1466 | 1488 |
1467 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1489 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
1468 OnCryptographerStateChanged(cryptographer)); | 1490 OnCryptographerStateChanged(cryptographer)); |
1469 if (passphrase_type_ != new_passphrase_type) { | 1491 if (*passphrase_type != new_passphrase_type) { |
1470 passphrase_type_ = new_passphrase_type; | 1492 *passphrase_type = new_passphrase_type; |
1471 FOR_EACH_OBSERVER( | 1493 FOR_EACH_OBSERVER( |
1472 SyncEncryptionHandler::Observer, observers_, | 1494 SyncEncryptionHandler::Observer, observers_, |
1473 OnPassphraseTypeChanged(passphrase_type_, GetExplicitPassphraseTime())); | 1495 OnPassphraseTypeChanged(*passphrase_type, |
| 1496 GetExplicitPassphraseTime(*passphrase_type))); |
1474 } | 1497 } |
1475 | 1498 |
1476 if (new_encrypt_everything && !encrypt_everything_) { | 1499 if (new_encrypt_everything && !encrypt_everything_) { |
1477 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); | 1500 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); |
1478 ReEncryptEverything(trans); | 1501 ReEncryptEverything(trans); |
1479 } else if (!cryptographer->CanDecryptUsingDefaultKey( | 1502 } else if (!cryptographer->CanDecryptUsingDefaultKey( |
1480 old_nigori.encryption_keybag())) { | 1503 old_nigori.encryption_keybag())) { |
1481 DVLOG(1) << "Rencrypting everything due to key rotation."; | 1504 DVLOG(1) << "Rencrypting everything due to key rotation."; |
1482 ReEncryptEverything(trans); | 1505 ReEncryptEverything(trans); |
1483 } | 1506 } |
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1632 SyncEncryptionHandler::Observer, observers_, | 1655 SyncEncryptionHandler::Observer, observers_, |
1633 OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1656 OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1634 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1657 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
1635 OnCryptographerStateChanged(cryptographer)); | 1658 OnCryptographerStateChanged(cryptographer)); |
1636 return true; | 1659 return true; |
1637 } | 1660 } |
1638 } | 1661 } |
1639 return false; | 1662 return false; |
1640 } | 1663 } |
1641 | 1664 |
1642 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime() const { | 1665 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime( |
1643 if (passphrase_type_ == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) | 1666 PassphraseType passphrase_type) const { |
| 1667 if (passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) |
1644 return migration_time(); | 1668 return migration_time(); |
1645 else if (passphrase_type_ == PassphraseType::CUSTOM_PASSPHRASE) | 1669 else if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE) |
1646 return custom_passphrase_time(); | 1670 return custom_passphrase_time(); |
1647 return base::Time(); | 1671 return base::Time(); |
1648 } | 1672 } |
1649 | 1673 |
1650 } // namespace syncer | 1674 } // namespace syncer |
OLD | NEW |