OLD | NEW |
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" | 5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 | 8 |
9 #include <memory> | 9 #include <memory> |
10 #include <string> | 10 #include <string> |
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
147 const std::string& passphrase) { | 147 const std::string& passphrase) { |
148 ReadTransaction trans(FROM_HERE, user_share()); | 148 ReadTransaction trans(FROM_HERE, user_share()); |
149 ReadNode nigori_node(&trans); | 149 ReadNode nigori_node(&trans); |
150 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 150 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
151 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics(); | 151 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics(); |
152 if (migration_time > 0) | 152 if (migration_time > 0) |
153 EXPECT_EQ(migration_time, nigori.keystore_migration_time()); | 153 EXPECT_EQ(migration_time, nigori.keystore_migration_time()); |
154 else | 154 else |
155 EXPECT_TRUE(nigori.has_keystore_migration_time()); | 155 EXPECT_TRUE(nigori.has_keystore_migration_time()); |
156 EXPECT_TRUE(nigori.keybag_is_frozen()); | 156 EXPECT_TRUE(nigori.keybag_is_frozen()); |
157 if (passphrase_type == CUSTOM_PASSPHRASE || | 157 if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE || |
158 passphrase_type == FROZEN_IMPLICIT_PASSPHRASE) { | 158 passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) { |
159 EXPECT_TRUE(nigori.encrypt_everything()); | 159 EXPECT_TRUE(nigori.encrypt_everything()); |
160 EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty()); | 160 EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty()); |
161 if (passphrase_type == CUSTOM_PASSPHRASE) { | 161 if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE) { |
162 EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE, | 162 EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE, |
163 nigori.passphrase_type()); | 163 nigori.passphrase_type()); |
164 if (!encryption_handler()->custom_passphrase_time().is_null()) { | 164 if (!encryption_handler()->custom_passphrase_time().is_null()) { |
165 EXPECT_EQ( | 165 EXPECT_EQ( |
166 nigori.custom_passphrase_time(), | 166 nigori.custom_passphrase_time(), |
167 TimeToProtoTime(encryption_handler()->custom_passphrase_time())); | 167 TimeToProtoTime(encryption_handler()->custom_passphrase_time())); |
168 } | 168 } |
169 } else { | 169 } else { |
170 EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE, | 170 EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE, |
171 nigori.passphrase_type()); | 171 nigori.passphrase_type()); |
(...skipping 15 matching lines...) Expand all Loading... |
187 temp_cryptographer.AddKey(params); | 187 temp_cryptographer.AddKey(params); |
188 EXPECT_TRUE(temp_cryptographer.CanDecryptUsingDefaultKey( | 188 EXPECT_TRUE(temp_cryptographer.CanDecryptUsingDefaultKey( |
189 nigori.encryption_keybag())); | 189 nigori.encryption_keybag())); |
190 } | 190 } |
191 | 191 |
192 sync_pb::NigoriSpecifics BuildMigratedNigori( | 192 sync_pb::NigoriSpecifics BuildMigratedNigori( |
193 PassphraseType passphrase_type, | 193 PassphraseType passphrase_type, |
194 int64_t migration_time, | 194 int64_t migration_time, |
195 const std::string& default_passphrase, | 195 const std::string& default_passphrase, |
196 const std::string& keystore_key) { | 196 const std::string& keystore_key) { |
197 DCHECK_NE(passphrase_type, IMPLICIT_PASSPHRASE); | 197 DCHECK_NE(passphrase_type, PassphraseType::IMPLICIT_PASSPHRASE); |
198 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 198 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
199 | 199 |
200 std::string default_key = default_passphrase; | 200 std::string default_key = default_passphrase; |
201 if (default_key.empty()) { | 201 if (default_key.empty()) { |
202 default_key = keystore_key; | 202 default_key = keystore_key; |
203 } else { | 203 } else { |
204 KeyParams keystore_params = {"localhost", "dummy", keystore_key}; | 204 KeyParams keystore_params = {"localhost", "dummy", keystore_key}; |
205 other_cryptographer.AddKey(keystore_params); | 205 other_cryptographer.AddKey(keystore_params); |
206 } | 206 } |
207 KeyParams params = {"localhost", "dummy", default_key}; | 207 KeyParams params = {"localhost", "dummy", default_key}; |
208 other_cryptographer.AddKey(params); | 208 other_cryptographer.AddKey(params); |
209 EXPECT_TRUE(other_cryptographer.is_ready()); | 209 EXPECT_TRUE(other_cryptographer.is_ready()); |
210 | 210 |
211 sync_pb::NigoriSpecifics nigori; | 211 sync_pb::NigoriSpecifics nigori; |
212 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 212 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
213 nigori.set_keybag_is_frozen(true); | 213 nigori.set_keybag_is_frozen(true); |
214 nigori.set_keystore_migration_time(migration_time); | 214 nigori.set_keystore_migration_time(migration_time); |
215 | 215 |
216 if (passphrase_type == KEYSTORE_PASSPHRASE) { | 216 if (passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE) { |
217 sync_pb::EncryptedData keystore_decryptor_token; | 217 sync_pb::EncryptedData keystore_decryptor_token; |
218 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 218 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
219 other_cryptographer, keystore_key, &keystore_decryptor_token)); | 219 other_cryptographer, keystore_key, &keystore_decryptor_token)); |
220 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 220 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
221 keystore_decryptor_token); | 221 keystore_decryptor_token); |
222 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 222 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
223 } else { | 223 } else { |
224 nigori.set_encrypt_everything(true); | 224 nigori.set_encrypt_everything(true); |
225 nigori.set_passphrase_type( | 225 nigori.set_passphrase_type( |
226 passphrase_type == CUSTOM_PASSPHRASE | 226 passphrase_type == PassphraseType::CUSTOM_PASSPHRASE |
227 ? sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE | 227 ? sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE |
228 : sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); | 228 : sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); |
229 } | 229 } |
230 return nigori; | 230 return nigori; |
231 } | 231 } |
232 | 232 |
233 // Build a migrated nigori node with the specified default passphrase | 233 // Build a migrated nigori node with the specified default passphrase |
234 // and keystore key and initialize the encryption handler with it. | 234 // and keystore key and initialize the encryption handler with it. |
235 void InitKeystoreMigratedNigori(int64_t migration_time, | 235 void InitKeystoreMigratedNigori(int64_t migration_time, |
236 const std::string& default_passphrase, | 236 const std::string& default_passphrase, |
237 const std::string& keystore_key) { | 237 const std::string& keystore_key) { |
238 { | 238 { |
239 WriteTransaction trans(FROM_HERE, user_share()); | 239 WriteTransaction trans(FROM_HERE, user_share()); |
240 WriteNode nigori_node(&trans); | 240 WriteNode nigori_node(&trans); |
241 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 241 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
242 sync_pb::NigoriSpecifics nigori = | 242 sync_pb::NigoriSpecifics nigori = |
243 BuildMigratedNigori(KEYSTORE_PASSPHRASE, migration_time, | 243 BuildMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, |
244 default_passphrase, keystore_key); | 244 migration_time, default_passphrase, keystore_key); |
245 nigori_node.SetNigoriSpecifics(nigori); | 245 nigori_node.SetNigoriSpecifics(nigori); |
246 } | 246 } |
247 | 247 |
248 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 248 EXPECT_CALL(*observer(), OnPassphraseTypeChanged( |
| 249 PassphraseType::KEYSTORE_PASSPHRASE, _)); |
249 EXPECT_CALL(*observer(), | 250 EXPECT_CALL(*observer(), |
250 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 251 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
251 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); | 252 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); |
252 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 253 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
253 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); | 254 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); |
254 encryption_handler()->Init(); | 255 encryption_handler()->Init(); |
255 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 256 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
256 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 257 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 258 PassphraseType::KEYSTORE_PASSPHRASE); |
257 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 259 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
258 Mock::VerifyAndClearExpectations(observer()); | 260 Mock::VerifyAndClearExpectations(observer()); |
259 } | 261 } |
260 | 262 |
261 // Build a migrated nigori node with the specified default passphrase | 263 // Build a migrated nigori node with the specified default passphrase |
262 // as a custom passphrase. | 264 // as a custom passphrase. |
263 void InitCustomPassMigratedNigori(int64_t migration_time, | 265 void InitCustomPassMigratedNigori(int64_t migration_time, |
264 const std::string& default_passphrase) { | 266 const std::string& default_passphrase) { |
265 { | 267 { |
266 WriteTransaction trans(FROM_HERE, user_share()); | 268 WriteTransaction trans(FROM_HERE, user_share()); |
267 WriteNode nigori_node(&trans); | 269 WriteNode nigori_node(&trans); |
268 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 270 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
269 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( | 271 sync_pb::NigoriSpecifics nigori = |
270 CUSTOM_PASSPHRASE, migration_time, default_passphrase, kKeystoreKey); | 272 BuildMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, migration_time, |
| 273 default_passphrase, kKeystoreKey); |
271 nigori_node.SetNigoriSpecifics(nigori); | 274 nigori_node.SetNigoriSpecifics(nigori); |
272 } | 275 } |
273 | 276 |
274 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 277 EXPECT_CALL(*observer(), |
| 278 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
275 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); | 279 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); |
276 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)) | 280 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)) |
277 .Times(AtLeast(1)); | 281 .Times(AtLeast(1)); |
278 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); | 282 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); |
279 encryption_handler()->Init(); | 283 encryption_handler()->Init(); |
280 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 284 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
281 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 285 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 286 PassphraseType::CUSTOM_PASSPHRASE); |
282 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 287 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
283 Mock::VerifyAndClearExpectations(observer()); | 288 Mock::VerifyAndClearExpectations(observer()); |
284 } | 289 } |
285 | 290 |
286 // Build an unmigrated nigori node with the specified passphrase and type and | 291 // Build an unmigrated nigori node with the specified passphrase and type and |
287 // initialize the encryption handler with it. | 292 // initialize the encryption handler with it. |
288 void InitUnmigratedNigori(const std::string& default_passphrase, | 293 void InitUnmigratedNigori(const std::string& default_passphrase, |
289 PassphraseType passphrase_type) { | 294 PassphraseType passphrase_type) { |
290 DCHECK_NE(passphrase_type, FROZEN_IMPLICIT_PASSPHRASE); | 295 DCHECK_NE(passphrase_type, PassphraseType::FROZEN_IMPLICIT_PASSPHRASE); |
291 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 296 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
292 KeyParams default_key = {"localhost", "dummy", default_passphrase}; | 297 KeyParams default_key = {"localhost", "dummy", default_passphrase}; |
293 other_cryptographer.AddKey(default_key); | 298 other_cryptographer.AddKey(default_key); |
294 EXPECT_TRUE(other_cryptographer.is_ready()); | 299 EXPECT_TRUE(other_cryptographer.is_ready()); |
295 | 300 |
296 { | 301 { |
297 WriteTransaction trans(FROM_HERE, user_share()); | 302 WriteTransaction trans(FROM_HERE, user_share()); |
298 WriteNode nigori_node(&trans); | 303 WriteNode nigori_node(&trans); |
299 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 304 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
300 sync_pb::NigoriSpecifics nigori; | 305 sync_pb::NigoriSpecifics nigori; |
301 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 306 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
302 nigori.set_keybag_is_frozen(passphrase_type == CUSTOM_PASSPHRASE); | 307 nigori.set_keybag_is_frozen(passphrase_type == |
| 308 PassphraseType::CUSTOM_PASSPHRASE); |
303 nigori_node.SetNigoriSpecifics(nigori); | 309 nigori_node.SetNigoriSpecifics(nigori); |
304 } | 310 } |
305 | 311 |
306 if (passphrase_type != IMPLICIT_PASSPHRASE) { | 312 if (passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE) { |
307 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(passphrase_type, _)); | 313 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(passphrase_type, _)); |
308 } | 314 } |
309 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); | 315 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1)); |
310 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 316 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
311 encryption_handler()->Init(); | 317 encryption_handler()->Init(); |
312 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 318 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
313 EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type); | 319 EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type); |
314 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 320 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
315 Mock::VerifyAndClearExpectations(observer()); | 321 Mock::VerifyAndClearExpectations(observer()); |
316 } | 322 } |
(...skipping 297 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
614 keys.Add()->assign(kRawOldKeystoreKey); | 620 keys.Add()->assign(kRawOldKeystoreKey); |
615 keys.Add()->assign(kRawKeystoreKey); | 621 keys.Add()->assign(kRawKeystoreKey); |
616 | 622 |
617 // Pass them to the encryption handler, triggering a migration and bootstrap | 623 // Pass them to the encryption handler, triggering a migration and bootstrap |
618 // token update. | 624 // token update. |
619 std::string encoded_key; | 625 std::string encoded_key; |
620 std::string keystore_bootstrap; | 626 std::string keystore_bootstrap; |
621 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 627 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
622 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)); | 628 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)); |
623 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 629 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
624 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 630 EXPECT_CALL(*observer(), |
| 631 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
625 EXPECT_CALL(*observer(), OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)) | 632 EXPECT_CALL(*observer(), OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)) |
626 .WillOnce(SaveArg<0>(&keystore_bootstrap)); | 633 .WillOnce(SaveArg<0>(&keystore_bootstrap)); |
627 { | 634 { |
628 WriteTransaction trans(FROM_HERE, user_share()); | 635 WriteTransaction trans(FROM_HERE, user_share()); |
629 EXPECT_TRUE( | 636 EXPECT_TRUE( |
630 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans())); | 637 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans())); |
631 EXPECT_FALSE( | 638 EXPECT_FALSE( |
632 encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans())); | 639 encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans())); |
633 EXPECT_FALSE(GetCryptographer()->is_initialized()); | 640 EXPECT_FALSE(GetCryptographer()->is_initialized()); |
634 } | 641 } |
635 PumpLoop(); | 642 PumpLoop(); |
636 EXPECT_TRUE(GetCryptographer()->is_initialized()); | 643 EXPECT_TRUE(GetCryptographer()->is_initialized()); |
637 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 644 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey); |
638 | 645 |
639 // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob | 646 // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob |
640 // of list values containing the keystore keys). | 647 // of list values containing the keystore keys). |
641 std::string decoded_bootstrap; | 648 std::string decoded_bootstrap; |
642 ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap)); | 649 ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap)); |
643 std::string decrypted_bootstrap; | 650 std::string decrypted_bootstrap; |
644 ASSERT_TRUE(GetCryptographer()->encryptor()->DecryptString( | 651 ASSERT_TRUE(GetCryptographer()->encryptor()->DecryptString( |
645 decoded_bootstrap, &decrypted_bootstrap)); | 652 decoded_bootstrap, &decrypted_bootstrap)); |
646 JSONStringValueDeserializer json(decrypted_bootstrap); | 653 JSONStringValueDeserializer json(decrypted_bootstrap); |
647 std::unique_ptr<base::Value> deserialized_keystore_keys( | 654 std::unique_ptr<base::Value> deserialized_keystore_keys( |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
719 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 726 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
720 nigori_node.SetNigoriSpecifics(nigori); | 727 nigori_node.SetNigoriSpecifics(nigori); |
721 } | 728 } |
722 // Run any tasks posted via AppplyNigoriUpdate. | 729 // Run any tasks posted via AppplyNigoriUpdate. |
723 PumpLoop(); | 730 PumpLoop(); |
724 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 731 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
725 Mock::VerifyAndClearExpectations(observer()); | 732 Mock::VerifyAndClearExpectations(observer()); |
726 | 733 |
727 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 734 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
728 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 735 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
729 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 736 EXPECT_CALL(*observer(), |
| 737 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
730 EXPECT_CALL(*observer(), | 738 EXPECT_CALL(*observer(), |
731 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 739 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
732 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 740 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
733 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 741 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
734 encryption_handler()->SetDecryptionPassphrase(kOtherKey); | 742 encryption_handler()->SetDecryptionPassphrase(kOtherKey); |
735 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 743 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
736 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 744 EXPECT_EQ(PassphraseType::KEYSTORE_PASSPHRASE, |
737 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kOtherKey); | 745 encryption_handler()->GetPassphraseType()); |
| 746 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kOtherKey); |
738 } | 747 } |
739 | 748 |
740 // Test that we don't attempt to migrate while a custom passphrase is pending, | 749 // Test that we don't attempt to migrate while a custom passphrase is pending, |
741 // and that once we do decrypt pending keys we migrate the nigori. Once | 750 // and that once we do decrypt pending keys we migrate the nigori. Once |
742 // migrated, we should be in custom passphrase state with encrypt everything. | 751 // migrated, we should be in custom passphrase state with encrypt everything. |
743 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) { | 752 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) { |
744 const char kOtherKey[] = "other"; | 753 const char kOtherKey[] = "other"; |
745 { | 754 { |
746 EXPECT_CALL(*observer(), | 755 EXPECT_CALL(*observer(), |
747 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 756 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
(...skipping 11 matching lines...) Expand all Loading... |
759 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 768 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
760 KeyParams other_key = {"localhost", "dummy", kOtherKey}; | 769 KeyParams other_key = {"localhost", "dummy", kOtherKey}; |
761 other_cryptographer.AddKey(other_key); | 770 other_cryptographer.AddKey(other_key); |
762 | 771 |
763 sync_pb::NigoriSpecifics nigori; | 772 sync_pb::NigoriSpecifics nigori; |
764 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 773 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
765 nigori.set_keybag_is_frozen(true); | 774 nigori.set_keybag_is_frozen(true); |
766 nigori.set_encrypt_everything(false); | 775 nigori.set_encrypt_everything(false); |
767 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 776 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
768 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 777 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
769 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 778 EXPECT_CALL(*observer(), |
| 779 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
770 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 780 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
771 nigori_node.SetNigoriSpecifics(nigori); | 781 nigori_node.SetNigoriSpecifics(nigori); |
772 } | 782 } |
773 // Run any tasks posted via AppplyNigoriUpdate. | 783 // Run any tasks posted via AppplyNigoriUpdate. |
774 PumpLoop(); | 784 PumpLoop(); |
775 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 785 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
776 Mock::VerifyAndClearExpectations(observer()); | 786 Mock::VerifyAndClearExpectations(observer()); |
777 | 787 |
778 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 788 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
779 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 789 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
780 std::string captured_bootstrap_token; | 790 std::string captured_bootstrap_token; |
781 EXPECT_CALL(*observer(), | 791 EXPECT_CALL(*observer(), |
782 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 792 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
783 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 793 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
784 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 794 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
785 SyncEncryptionHandler::NigoriState captured_nigori_state; | 795 SyncEncryptionHandler::NigoriState captured_nigori_state; |
786 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 796 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
787 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 797 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
788 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); | 798 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); |
789 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 799 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
790 encryption_handler()->SetDecryptionPassphrase(kOtherKey); | 800 encryption_handler()->SetDecryptionPassphrase(kOtherKey); |
791 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 801 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
792 const base::Time migration_time = encryption_handler()->migration_time(); | 802 const base::Time migration_time = encryption_handler()->migration_time(); |
793 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 803 EXPECT_EQ(PassphraseType::CUSTOM_PASSPHRASE, |
794 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kOtherKey); | 804 encryption_handler()->GetPassphraseType()); |
| 805 VerifyMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, kOtherKey); |
795 | 806 |
796 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kOtherKey, | 807 VerifyRestoreAfterCustomPassphrase( |
797 captured_bootstrap_token, | 808 TimeToProtoTime(migration_time), kOtherKey, captured_bootstrap_token, |
798 captured_nigori_state, CUSTOM_PASSPHRASE); | 809 captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE); |
799 } | 810 } |
800 | 811 |
801 // Test that we trigger a migration when we set the keystore key, had an | 812 // Test that we trigger a migration when we set the keystore key, had an |
802 // implicit passphrase, and did not have encrypt everything. We should switch | 813 // implicit passphrase, and did not have encrypt everything. We should switch |
803 // to KEYSTORE_PASSPHRASE. | 814 // to PassphraseType::KEYSTORE_PASSPHRASE. |
804 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) { | 815 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) { |
805 const char kCurKey[] = "cur"; | 816 const char kCurKey[] = "cur"; |
806 KeyParams current_key = {"localhost", "dummy", kCurKey}; | 817 KeyParams current_key = {"localhost", "dummy", kCurKey}; |
807 GetCryptographer()->AddKey(current_key); | 818 GetCryptographer()->AddKey(current_key); |
808 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 819 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
809 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 820 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
810 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 821 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
811 encryption_handler()->Init(); | 822 encryption_handler()->Init(); |
812 Mock::VerifyAndClearExpectations(observer()); | 823 Mock::VerifyAndClearExpectations(observer()); |
813 | 824 |
814 { | 825 { |
815 ReadTransaction trans(FROM_HERE, user_share()); | 826 ReadTransaction trans(FROM_HERE, user_share()); |
816 // Once we provide a keystore key, we should perform the migration. | 827 // Once we provide a keystore key, we should perform the migration. |
817 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 828 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
818 EXPECT_CALL(*observer(), | 829 EXPECT_CALL(*observer(), |
819 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 830 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
820 encryption_handler()->SetKeystoreKeys( | 831 encryption_handler()->SetKeystoreKeys( |
821 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 832 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
822 } | 833 } |
823 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 834 EXPECT_CALL(*observer(), |
| 835 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
824 // The actual migration gets posted, so run all pending tasks. | 836 // The actual migration gets posted, so run all pending tasks. |
825 PumpLoop(); | 837 PumpLoop(); |
826 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 838 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
827 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 839 EXPECT_EQ(PassphraseType::KEYSTORE_PASSPHRASE, |
| 840 encryption_handler()->GetPassphraseType()); |
828 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 841 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
829 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); | 842 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kCurKey); |
830 } | 843 } |
831 | 844 |
832 // Test that we trigger a migration when we set the keystore key, had an | 845 // Test that we trigger a migration when we set the keystore key, had an |
833 // implicit passphrase, and encrypt everything enabled. We should switch to | 846 // implicit passphrase, and encrypt everything enabled. We should switch to |
834 // FROZEN_IMPLICIT_PASSPHRASE. | 847 // PassphraseType::FROZEN_IMPLICIT_PASSPHRASE. |
835 TEST_F(SyncEncryptionHandlerImplTest, | 848 TEST_F(SyncEncryptionHandlerImplTest, |
836 MigrateOnKeystoreKeyAvailableFrozenImplicit) { | 849 MigrateOnKeystoreKeyAvailableFrozenImplicit) { |
837 const char kCurKey[] = "cur"; | 850 const char kCurKey[] = "cur"; |
838 KeyParams current_key = {"localhost", "dummy", kCurKey}; | 851 KeyParams current_key = {"localhost", "dummy", kCurKey}; |
839 GetCryptographer()->AddKey(current_key); | 852 GetCryptographer()->AddKey(current_key); |
840 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 853 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
841 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 854 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
842 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 855 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
843 encryption_handler()->Init(); | 856 encryption_handler()->Init(); |
844 Mock::VerifyAndClearExpectations(observer()); | 857 Mock::VerifyAndClearExpectations(observer()); |
845 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 858 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
846 SyncEncryptionHandler::NigoriState captured_nigori_state; | 859 SyncEncryptionHandler::NigoriState captured_nigori_state; |
847 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 860 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
848 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 861 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
849 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 862 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
850 encryption_handler()->EnableEncryptEverything(); | 863 encryption_handler()->EnableEncryptEverything(); |
851 | 864 |
852 { | 865 { |
853 ReadTransaction trans(FROM_HERE, user_share()); | 866 ReadTransaction trans(FROM_HERE, user_share()); |
854 // Once we provide a keystore key, we should perform the migration. | 867 // Once we provide a keystore key, we should perform the migration. |
855 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 868 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
856 EXPECT_CALL(*observer(), | 869 EXPECT_CALL(*observer(), |
857 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 870 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
858 encryption_handler()->SetKeystoreKeys( | 871 encryption_handler()->SetKeystoreKeys( |
859 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 872 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
860 } | 873 } |
861 EXPECT_CALL(*observer(), | 874 EXPECT_CALL(*observer(), OnPassphraseTypeChanged( |
862 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); | 875 PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, _)); |
863 | 876 |
864 // The actual migration gets posted, so run all pending tasks. | 877 // The actual migration gets posted, so run all pending tasks. |
865 PumpLoop(); | 878 PumpLoop(); |
866 Mock::VerifyAndClearExpectations(observer()); | 879 Mock::VerifyAndClearExpectations(observer()); |
867 | 880 |
868 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 881 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
869 const base::Time migration_time = encryption_handler()->migration_time(); | 882 const base::Time migration_time = encryption_handler()->migration_time(); |
870 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, | 883 EXPECT_EQ(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, |
871 encryption_handler()->GetPassphraseType()); | 884 encryption_handler()->GetPassphraseType()); |
872 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 885 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
873 VerifyMigratedNigori(FROZEN_IMPLICIT_PASSPHRASE, kCurKey); | 886 VerifyMigratedNigori(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, kCurKey); |
874 | 887 |
875 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, | 888 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, |
876 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked | 889 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked |
877 // during a previous instance) so get it from the Cryptographer. | 890 // during a previous instance) so get it from the Cryptographer. |
878 std::string passphrase_bootstrap_token; | 891 std::string passphrase_bootstrap_token; |
879 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); | 892 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); |
880 VerifyRestoreAfterCustomPassphrase( | 893 VerifyRestoreAfterCustomPassphrase( |
881 TimeToProtoTime(migration_time), kCurKey, passphrase_bootstrap_token, | 894 TimeToProtoTime(migration_time), kCurKey, passphrase_bootstrap_token, |
882 captured_nigori_state, FROZEN_IMPLICIT_PASSPHRASE); | 895 captured_nigori_state, PassphraseType::FROZEN_IMPLICIT_PASSPHRASE); |
883 } | 896 } |
884 | 897 |
885 // Test that we trigger a migration when we set the keystore key, had a | 898 // Test that we trigger a migration when we set the keystore key, had a |
886 // custom passphrase, and encrypt everything enabled. The passphrase state | 899 // custom passphrase, and encrypt everything enabled. The passphrase state |
887 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same. | 900 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same. |
888 TEST_F(SyncEncryptionHandlerImplTest, | 901 TEST_F(SyncEncryptionHandlerImplTest, |
889 MigrateOnKeystoreKeyAvailableCustomWithEncryption) { | 902 MigrateOnKeystoreKeyAvailableCustomWithEncryption) { |
890 const char kCurKey[] = "cur"; | 903 const char kCurKey[] = "cur"; |
891 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 904 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
892 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 905 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
893 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 906 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
894 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 907 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
895 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 908 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
896 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 909 EXPECT_CALL(*observer(), |
| 910 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
897 std::string captured_bootstrap_token; | 911 std::string captured_bootstrap_token; |
898 EXPECT_CALL(*observer(), | 912 EXPECT_CALL(*observer(), |
899 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 913 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
900 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 914 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
901 encryption_handler()->Init(); | 915 encryption_handler()->Init(); |
902 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); | 916 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); |
903 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); | 917 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); |
904 Mock::VerifyAndClearExpectations(observer()); | 918 Mock::VerifyAndClearExpectations(observer()); |
905 | 919 |
906 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 920 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
(...skipping 13 matching lines...) Expand all Loading... |
920 encryption_handler()->SetKeystoreKeys( | 934 encryption_handler()->SetKeystoreKeys( |
921 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 935 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
922 } | 936 } |
923 | 937 |
924 // The actual migration gets posted, so run all pending tasks. | 938 // The actual migration gets posted, so run all pending tasks. |
925 PumpLoop(); | 939 PumpLoop(); |
926 Mock::VerifyAndClearExpectations(observer()); | 940 Mock::VerifyAndClearExpectations(observer()); |
927 | 941 |
928 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 942 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
929 const base::Time migration_time = encryption_handler()->migration_time(); | 943 const base::Time migration_time = encryption_handler()->migration_time(); |
930 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 944 EXPECT_EQ(PassphraseType::CUSTOM_PASSPHRASE, |
| 945 encryption_handler()->GetPassphraseType()); |
931 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 946 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
932 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey); | 947 VerifyMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, kCurKey); |
933 | 948 |
934 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey, | 949 VerifyRestoreAfterCustomPassphrase( |
935 captured_bootstrap_token, | 950 TimeToProtoTime(migration_time), kCurKey, captured_bootstrap_token, |
936 captured_nigori_state, CUSTOM_PASSPHRASE); | 951 captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE); |
937 } | 952 } |
938 | 953 |
939 // Test that we trigger a migration when we set the keystore key, had a | 954 // Test that we trigger a migration when we set the keystore key, had a |
940 // custom passphrase, and did not have encrypt everything. The passphrase state | 955 // custom passphrase, and did not have encrypt everything. The passphrase state |
941 // should remain as CUSTOM_PASSPHRASE, and encrypt everything should be enabled. | 956 // should remain as PassphraseType::CUSTOM_PASSPHRASE, and encrypt everything |
| 957 // should be enabled. |
942 TEST_F(SyncEncryptionHandlerImplTest, | 958 TEST_F(SyncEncryptionHandlerImplTest, |
943 MigrateOnKeystoreKeyAvailableCustomNoEncryption) { | 959 MigrateOnKeystoreKeyAvailableCustomNoEncryption) { |
944 const char kCurKey[] = "cur"; | 960 const char kCurKey[] = "cur"; |
945 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 961 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
946 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 962 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
947 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 963 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
948 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 964 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
949 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 965 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
950 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 966 EXPECT_CALL(*observer(), |
| 967 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
951 std::string captured_bootstrap_token; | 968 std::string captured_bootstrap_token; |
952 EXPECT_CALL(*observer(), | 969 EXPECT_CALL(*observer(), |
953 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 970 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
954 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 971 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
955 encryption_handler()->Init(); | 972 encryption_handler()->Init(); |
956 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); | 973 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); |
957 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); | 974 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); |
958 Mock::VerifyAndClearExpectations(observer()); | 975 Mock::VerifyAndClearExpectations(observer()); |
959 | 976 |
960 { | 977 { |
961 ReadTransaction trans(FROM_HERE, user_share()); | 978 ReadTransaction trans(FROM_HERE, user_share()); |
962 // Once we provide a keystore key, we should perform the migration. | 979 // Once we provide a keystore key, we should perform the migration. |
963 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 980 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
964 EXPECT_CALL(*observer(), | 981 EXPECT_CALL(*observer(), |
965 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 982 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
966 encryption_handler()->SetKeystoreKeys( | 983 encryption_handler()->SetKeystoreKeys( |
967 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 984 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
968 } | 985 } |
969 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 986 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
970 SyncEncryptionHandler::NigoriState captured_nigori_state; | 987 SyncEncryptionHandler::NigoriState captured_nigori_state; |
971 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 988 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
972 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 989 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
973 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 990 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
974 // The actual migration gets posted, so run all pending tasks. | 991 // The actual migration gets posted, so run all pending tasks. |
975 PumpLoop(); | 992 PumpLoop(); |
976 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 993 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
977 const base::Time migration_time = encryption_handler()->migration_time(); | 994 const base::Time migration_time = encryption_handler()->migration_time(); |
978 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 995 EXPECT_EQ(PassphraseType::CUSTOM_PASSPHRASE, |
| 996 encryption_handler()->GetPassphraseType()); |
979 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 997 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
980 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey); | 998 VerifyMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, kCurKey); |
981 | 999 |
982 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey, | 1000 VerifyRestoreAfterCustomPassphrase( |
983 captured_bootstrap_token, | 1001 TimeToProtoTime(migration_time), kCurKey, captured_bootstrap_token, |
984 captured_nigori_state, CUSTOM_PASSPHRASE); | 1002 captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE); |
985 } | 1003 } |
986 | 1004 |
987 // Test that we can handle receiving a migrated nigori node in the | 1005 // Test that we can handle receiving a migrated nigori node in the |
988 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the | 1006 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the |
989 // keybag. | 1007 // keybag. |
990 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) { | 1008 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) { |
991 const char kCurKey[] = "cur"; | 1009 const char kCurKey[] = "cur"; |
992 sync_pb::EncryptedData keystore_decryptor_token; | 1010 sync_pb::EncryptedData keystore_decryptor_token; |
993 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1011 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
994 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1012 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
995 other_cryptographer.AddKey(cur_key); | 1013 other_cryptographer.AddKey(cur_key); |
996 EXPECT_TRUE(other_cryptographer.is_ready()); | 1014 EXPECT_TRUE(other_cryptographer.is_ready()); |
997 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 1015 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
998 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); | 1016 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); |
999 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1017 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1000 EXPECT_FALSE(GetCryptographer()->is_ready()); | 1018 EXPECT_FALSE(GetCryptographer()->is_ready()); |
1001 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1019 EXPECT_NE(encryption_handler()->GetPassphraseType(), |
| 1020 PassphraseType::KEYSTORE_PASSPHRASE); |
1002 | 1021 |
1003 // Now build a nigori node with the generated keystore decryptor token and | 1022 // Now build a nigori node with the generated keystore decryptor token and |
1004 // initialize the encryption handler with it. The cryptographer should be | 1023 // initialize the encryption handler with it. The cryptographer should be |
1005 // initialized properly to decrypt both kCurKey and kKeystoreKey. | 1024 // initialized properly to decrypt both kCurKey and kKeystoreKey. |
1006 { | 1025 { |
1007 WriteTransaction trans(FROM_HERE, user_share()); | 1026 WriteTransaction trans(FROM_HERE, user_share()); |
1008 WriteNode nigori_node(&trans); | 1027 WriteNode nigori_node(&trans); |
1009 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1028 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1010 sync_pb::NigoriSpecifics nigori; | 1029 sync_pb::NigoriSpecifics nigori; |
1011 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1030 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1012 keystore_decryptor_token); | 1031 keystore_decryptor_token); |
1013 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1032 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1014 nigori.set_keybag_is_frozen(true); | 1033 nigori.set_keybag_is_frozen(true); |
1015 nigori.set_keystore_migration_time(1); | 1034 nigori.set_keystore_migration_time(1); |
1016 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1035 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1017 | 1036 |
1018 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1037 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1019 EXPECT_CALL(*observer(), | 1038 EXPECT_CALL(*observer(), |
1020 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1039 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1021 EXPECT_CALL(*observer(), | 1040 EXPECT_CALL(*observer(), |
1022 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1041 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1023 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1042 EXPECT_CALL(*observer(), OnPassphraseTypeChanged( |
| 1043 PassphraseType::KEYSTORE_PASSPHRASE, _)); |
1024 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1044 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1025 encryption_handler()->SetKeystoreKeys( | 1045 encryption_handler()->SetKeystoreKeys( |
1026 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 1046 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1027 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1047 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1028 nigori_node.SetNigoriSpecifics(nigori); | 1048 nigori_node.SetNigoriSpecifics(nigori); |
1029 } | 1049 } |
1030 // Run any tasks posted via AppplyNigoriUpdate. | 1050 // Run any tasks posted via AppplyNigoriUpdate. |
1031 PumpLoop(); | 1051 PumpLoop(); |
1032 Mock::VerifyAndClearExpectations(observer()); | 1052 Mock::VerifyAndClearExpectations(observer()); |
1033 | 1053 |
1034 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1054 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1035 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1055 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1036 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1056 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1057 PassphraseType::KEYSTORE_PASSPHRASE); |
1037 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1058 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1038 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey); | 1059 VerifyMigratedNigoriWithTimestamp(1, PassphraseType::KEYSTORE_PASSPHRASE, |
| 1060 kCurKey); |
1039 | 1061 |
1040 // Check that the cryptographer still encrypts with the current key. | 1062 // Check that the cryptographer still encrypts with the current key. |
1041 sync_pb::EncryptedData current_encrypted; | 1063 sync_pb::EncryptedData current_encrypted; |
1042 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1064 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1043 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1065 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1044 | 1066 |
1045 // Check that the cryptographer can decrypt keystore key based encryption. | 1067 // Check that the cryptographer can decrypt keystore key based encryption. |
1046 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1068 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1047 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1069 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1048 keystore_cryptographer.AddKey(keystore_key); | 1070 keystore_cryptographer.AddKey(keystore_key); |
1049 sync_pb::EncryptedData keystore_encrypted; | 1071 sync_pb::EncryptedData keystore_encrypted; |
1050 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1072 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1051 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1073 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1052 } | 1074 } |
1053 | 1075 |
1054 // Test that we handle receiving migrated nigori's with | 1076 // Test that we handle receiving migrated nigori's with |
1055 // FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending key state until | 1077 // PassphraseType::FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending |
| 1078 // key state until |
1056 // we supply the pending frozen implicit passphrase key. | 1079 // we supply the pending frozen implicit passphrase key. |
1057 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) { | 1080 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) { |
1058 const char kCurKey[] = "cur"; | 1081 const char kCurKey[] = "cur"; |
1059 sync_pb::EncryptedData encrypted; | 1082 sync_pb::EncryptedData encrypted; |
1060 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1083 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1061 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1084 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1062 other_cryptographer.AddKey(cur_key); | 1085 other_cryptographer.AddKey(cur_key); |
1063 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1086 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1064 | 1087 |
1065 { | 1088 { |
1066 EXPECT_CALL(*observer(), | 1089 EXPECT_CALL(*observer(), |
1067 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1090 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1068 ReadTransaction trans(FROM_HERE, user_share()); | 1091 ReadTransaction trans(FROM_HERE, user_share()); |
1069 encryption_handler()->SetKeystoreKeys( | 1092 encryption_handler()->SetKeystoreKeys( |
1070 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 1093 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1071 } | 1094 } |
1072 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1095 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1073 | 1096 |
1074 { | 1097 { |
1075 EXPECT_CALL(*observer(), | 1098 EXPECT_CALL( |
1076 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); | 1099 *observer(), |
| 1100 OnPassphraseTypeChanged(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, _)); |
1077 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 1101 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1078 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1102 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1079 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 1103 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1080 WriteTransaction trans(FROM_HERE, user_share()); | 1104 WriteTransaction trans(FROM_HERE, user_share()); |
1081 WriteNode nigori_node(&trans); | 1105 WriteNode nigori_node(&trans); |
1082 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1106 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1083 sync_pb::NigoriSpecifics nigori; | 1107 sync_pb::NigoriSpecifics nigori; |
1084 nigori.set_keybag_is_frozen(true); | 1108 nigori.set_keybag_is_frozen(true); |
1085 nigori.set_passphrase_type( | 1109 nigori.set_passphrase_type( |
1086 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); | 1110 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); |
1087 nigori.set_keystore_migration_time(1); | 1111 nigori.set_keystore_migration_time(1); |
1088 nigori.set_encrypt_everything(true); | 1112 nigori.set_encrypt_everything(true); |
1089 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1113 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1090 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1114 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1091 nigori_node.SetNigoriSpecifics(nigori); | 1115 nigori_node.SetNigoriSpecifics(nigori); |
1092 } | 1116 } |
1093 // Run any tasks posted via AppplyNigoriUpdate. | 1117 // Run any tasks posted via AppplyNigoriUpdate. |
1094 PumpLoop(); | 1118 PumpLoop(); |
1095 Mock::VerifyAndClearExpectations(observer()); | 1119 Mock::VerifyAndClearExpectations(observer()); |
1096 | 1120 |
1097 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1121 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1098 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, | 1122 EXPECT_EQ(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, |
1099 encryption_handler()->GetPassphraseType()); | 1123 encryption_handler()->GetPassphraseType()); |
1100 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1124 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1101 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1125 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1102 | 1126 |
1103 EXPECT_CALL(*observer(), | 1127 EXPECT_CALL(*observer(), |
1104 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1128 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1105 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1129 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1106 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1130 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1107 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1131 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1108 encryption_handler()->SetDecryptionPassphrase(kCurKey); | 1132 encryption_handler()->SetDecryptionPassphrase(kCurKey); |
1109 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1133 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1110 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1134 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1111 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey); | 1135 VerifyMigratedNigoriWithTimestamp( |
| 1136 1, PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, kCurKey); |
1112 | 1137 |
1113 // Check that the cryptographer still encrypts with the current key. | 1138 // Check that the cryptographer still encrypts with the current key. |
1114 sync_pb::EncryptedData current_encrypted; | 1139 sync_pb::EncryptedData current_encrypted; |
1115 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1140 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1116 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1141 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1117 | 1142 |
1118 // Check that the cryptographer can decrypt keystore key based encryption. | 1143 // Check that the cryptographer can decrypt keystore key based encryption. |
1119 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1144 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1120 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1145 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1121 keystore_cryptographer.AddKey(keystore_key); | 1146 keystore_cryptographer.AddKey(keystore_key); |
1122 sync_pb::EncryptedData keystore_encrypted; | 1147 sync_pb::EncryptedData keystore_encrypted; |
1123 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1148 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1124 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1149 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1125 } | 1150 } |
1126 | 1151 |
1127 // Test that we handle receiving migrated nigori's with | 1152 // Test that we handle receiving migrated nigori's with |
1128 // CUSTOM_PASSPHRASE state. We should be in a pending key state until we | 1153 // PassphraseType::CUSTOM_PASSPHRASE state. We should be in a pending key state |
| 1154 // until we |
1129 // provide the custom passphrase key. | 1155 // provide the custom passphrase key. |
1130 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) { | 1156 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) { |
1131 const char kCurKey[] = "cur"; | 1157 const char kCurKey[] = "cur"; |
1132 sync_pb::EncryptedData encrypted; | 1158 sync_pb::EncryptedData encrypted; |
1133 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1159 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1134 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1160 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1135 other_cryptographer.AddKey(cur_key); | 1161 other_cryptographer.AddKey(cur_key); |
1136 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1162 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1137 | 1163 |
1138 { | 1164 { |
1139 EXPECT_CALL(*observer(), | 1165 EXPECT_CALL(*observer(), |
1140 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1166 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1141 ReadTransaction trans(FROM_HERE, user_share()); | 1167 ReadTransaction trans(FROM_HERE, user_share()); |
1142 encryption_handler()->SetKeystoreKeys( | 1168 encryption_handler()->SetKeystoreKeys( |
1143 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 1169 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1144 } | 1170 } |
1145 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1171 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1146 | 1172 |
1147 { | 1173 { |
1148 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 1174 EXPECT_CALL(*observer(), |
| 1175 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
1149 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 1176 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1150 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1177 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1151 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 1178 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1152 WriteTransaction trans(FROM_HERE, user_share()); | 1179 WriteTransaction trans(FROM_HERE, user_share()); |
1153 WriteNode nigori_node(&trans); | 1180 WriteNode nigori_node(&trans); |
1154 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1181 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1155 sync_pb::NigoriSpecifics nigori; | 1182 sync_pb::NigoriSpecifics nigori; |
1156 nigori.set_keybag_is_frozen(true); | 1183 nigori.set_keybag_is_frozen(true); |
1157 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); | 1184 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); |
1158 nigori.set_keystore_migration_time(1); | 1185 nigori.set_keystore_migration_time(1); |
1159 nigori.set_encrypt_everything(true); | 1186 nigori.set_encrypt_everything(true); |
1160 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1187 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1161 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1188 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1162 nigori_node.SetNigoriSpecifics(nigori); | 1189 nigori_node.SetNigoriSpecifics(nigori); |
1163 } | 1190 } |
1164 // Run any tasks posted via AppplyNigoriUpdate. | 1191 // Run any tasks posted via AppplyNigoriUpdate. |
1165 PumpLoop(); | 1192 PumpLoop(); |
1166 Mock::VerifyAndClearExpectations(observer()); | 1193 Mock::VerifyAndClearExpectations(observer()); |
1167 | 1194 |
1168 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1195 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1169 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 1196 EXPECT_EQ(PassphraseType::CUSTOM_PASSPHRASE, |
| 1197 encryption_handler()->GetPassphraseType()); |
1170 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1198 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1171 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1199 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1172 | 1200 |
1173 EXPECT_CALL(*observer(), | 1201 EXPECT_CALL(*observer(), |
1174 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1202 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1175 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1203 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1176 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1204 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1177 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1205 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1178 encryption_handler()->SetDecryptionPassphrase(kCurKey); | 1206 encryption_handler()->SetDecryptionPassphrase(kCurKey); |
1179 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1207 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1180 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1208 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1181 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); | 1209 VerifyMigratedNigoriWithTimestamp(1, PassphraseType::CUSTOM_PASSPHRASE, |
| 1210 kCurKey); |
1182 | 1211 |
1183 // Check that the cryptographer still encrypts with the current key. | 1212 // Check that the cryptographer still encrypts with the current key. |
1184 sync_pb::EncryptedData current_encrypted; | 1213 sync_pb::EncryptedData current_encrypted; |
1185 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1214 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1186 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1215 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1187 | 1216 |
1188 // Check that the cryptographer can decrypt keystore key based encryption. | 1217 // Check that the cryptographer can decrypt keystore key based encryption. |
1189 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1218 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1190 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1219 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1191 keystore_cryptographer.AddKey(keystore_key); | 1220 keystore_cryptographer.AddKey(keystore_key); |
(...skipping 22 matching lines...) Expand all Loading... |
1214 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1243 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1215 sync_pb::NigoriSpecifics nigori; | 1244 sync_pb::NigoriSpecifics nigori; |
1216 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); | 1245 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); |
1217 nigori.set_keybag_is_frozen(true); | 1246 nigori.set_keybag_is_frozen(true); |
1218 nigori.set_keystore_migration_time(1); | 1247 nigori.set_keystore_migration_time(1); |
1219 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); | 1248 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); |
1220 nigori.set_encrypt_everything(true); | 1249 nigori.set_encrypt_everything(true); |
1221 nigori_node.SetNigoriSpecifics(nigori); | 1250 nigori_node.SetNigoriSpecifics(nigori); |
1222 } | 1251 } |
1223 | 1252 |
1224 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 1253 EXPECT_CALL(*observer(), |
| 1254 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
1225 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1255 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1226 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2); | 1256 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2); |
1227 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1257 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1228 encryption_handler()->Init(); | 1258 encryption_handler()->Init(); |
1229 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1259 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1230 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1260 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1231 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1261 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1262 PassphraseType::CUSTOM_PASSPHRASE); |
1232 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1263 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1233 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kCurKey); | 1264 VerifyMigratedNigoriWithTimestamp(migration_time, |
| 1265 PassphraseType::CUSTOM_PASSPHRASE, kCurKey); |
1234 | 1266 |
1235 { | 1267 { |
1236 EXPECT_CALL(*observer(), | 1268 EXPECT_CALL(*observer(), |
1237 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1269 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1238 ReadTransaction trans(FROM_HERE, user_share()); | 1270 ReadTransaction trans(FROM_HERE, user_share()); |
1239 encryption_handler()->SetKeystoreKeys( | 1271 encryption_handler()->SetKeystoreKeys( |
1240 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 1272 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1241 } | 1273 } |
1242 Mock::VerifyAndClearExpectations(observer()); | 1274 Mock::VerifyAndClearExpectations(observer()); |
1243 | 1275 |
(...skipping 15 matching lines...) Expand all Loading... |
1259 nigori.set_keybag_is_frozen(false); | 1291 nigori.set_keybag_is_frozen(false); |
1260 nigori.set_encrypt_everything(false); | 1292 nigori.set_encrypt_everything(false); |
1261 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1293 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1262 nigori_node.SetNigoriSpecifics(nigori); | 1294 nigori_node.SetNigoriSpecifics(nigori); |
1263 } | 1295 } |
1264 PumpLoop(); | 1296 PumpLoop(); |
1265 | 1297 |
1266 // Verify we're still migrated and have proper encryption state. | 1298 // Verify we're still migrated and have proper encryption state. |
1267 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1299 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1268 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1300 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1269 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1301 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1302 PassphraseType::CUSTOM_PASSPHRASE); |
1270 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1303 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1271 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); | 1304 VerifyMigratedNigoriWithTimestamp(1, PassphraseType::CUSTOM_PASSPHRASE, |
| 1305 kCurKey); |
1272 | 1306 |
1273 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, | 1307 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, |
1274 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked | 1308 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked |
1275 // during a previous instance) so get it from the Cryptographer. | 1309 // during a previous instance) so get it from the Cryptographer. |
1276 std::string passphrase_bootstrap_token; | 1310 std::string passphrase_bootstrap_token; |
1277 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); | 1311 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); |
1278 VerifyRestoreAfterCustomPassphrase(migration_time, kCurKey, | 1312 VerifyRestoreAfterCustomPassphrase( |
1279 passphrase_bootstrap_token, | 1313 migration_time, kCurKey, passphrase_bootstrap_token, |
1280 captured_nigori_state, CUSTOM_PASSPHRASE); | 1314 captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE); |
1281 } | 1315 } |
1282 | 1316 |
1283 // Test that if we have a migrated nigori with a custom passphrase, then receive | 1317 // Test that if we have a migrated nigori with a custom passphrase, then receive |
1284 // a migrated nigori with a keystore passphrase, we properly overwrite it with | 1318 // a migrated nigori with a keystore passphrase, we properly overwrite it with |
1285 // the current state. | 1319 // the current state. |
1286 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldMigratedNigori) { | 1320 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldMigratedNigori) { |
1287 const char kOldKey[] = "old"; | 1321 const char kOldKey[] = "old"; |
1288 const char kCurKey[] = "cur"; | 1322 const char kCurKey[] = "cur"; |
1289 sync_pb::EncryptedData encrypted; | 1323 sync_pb::EncryptedData encrypted; |
1290 KeyParams old_key = {"localhost", "dummy", kOldKey}; | 1324 KeyParams old_key = {"localhost", "dummy", kOldKey}; |
1291 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1325 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1292 GetCryptographer()->AddKey(old_key); | 1326 GetCryptographer()->AddKey(old_key); |
1293 GetCryptographer()->AddKey(cur_key); | 1327 GetCryptographer()->AddKey(cur_key); |
1294 | 1328 |
1295 // Build a migrated nigori with full encryption. | 1329 // Build a migrated nigori with full encryption. |
1296 { | 1330 { |
1297 WriteTransaction trans(FROM_HERE, user_share()); | 1331 WriteTransaction trans(FROM_HERE, user_share()); |
1298 WriteNode nigori_node(&trans); | 1332 WriteNode nigori_node(&trans); |
1299 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1333 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1300 sync_pb::NigoriSpecifics nigori; | 1334 sync_pb::NigoriSpecifics nigori; |
1301 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); | 1335 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); |
1302 nigori.set_keybag_is_frozen(true); | 1336 nigori.set_keybag_is_frozen(true); |
1303 nigori.set_keystore_migration_time(1); | 1337 nigori.set_keystore_migration_time(1); |
1304 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); | 1338 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); |
1305 nigori.set_encrypt_everything(true); | 1339 nigori.set_encrypt_everything(true); |
1306 nigori_node.SetNigoriSpecifics(nigori); | 1340 nigori_node.SetNigoriSpecifics(nigori); |
1307 } | 1341 } |
1308 | 1342 |
1309 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 1343 EXPECT_CALL(*observer(), |
| 1344 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
1310 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1345 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1311 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2); | 1346 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2); |
1312 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1347 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1313 encryption_handler()->Init(); | 1348 encryption_handler()->Init(); |
1314 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1349 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1315 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1350 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1316 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1351 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1352 PassphraseType::CUSTOM_PASSPHRASE); |
1317 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1353 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1318 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); | 1354 VerifyMigratedNigoriWithTimestamp(1, PassphraseType::CUSTOM_PASSPHRASE, |
| 1355 kCurKey); |
1319 | 1356 |
1320 { | 1357 { |
1321 EXPECT_CALL(*observer(), | 1358 EXPECT_CALL(*observer(), |
1322 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1359 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1323 ReadTransaction trans(FROM_HERE, user_share()); | 1360 ReadTransaction trans(FROM_HERE, user_share()); |
1324 encryption_handler()->SetKeystoreKeys( | 1361 encryption_handler()->SetKeystoreKeys( |
1325 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 1362 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1326 } | 1363 } |
1327 Mock::VerifyAndClearExpectations(observer()); | 1364 Mock::VerifyAndClearExpectations(observer()); |
1328 | 1365 |
(...skipping 21 matching lines...) Expand all Loading... |
1350 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1387 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1351 nigori.set_keystore_migration_time(migration_time); | 1388 nigori.set_keystore_migration_time(migration_time); |
1352 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1389 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1353 nigori_node.SetNigoriSpecifics(nigori); | 1390 nigori_node.SetNigoriSpecifics(nigori); |
1354 } | 1391 } |
1355 PumpLoop(); | 1392 PumpLoop(); |
1356 | 1393 |
1357 // Verify we're still migrated and have proper encryption state. | 1394 // Verify we're still migrated and have proper encryption state. |
1358 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1395 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1359 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1396 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1360 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1397 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1398 PassphraseType::CUSTOM_PASSPHRASE); |
1361 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1399 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1362 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kCurKey); | 1400 VerifyMigratedNigoriWithTimestamp(migration_time, |
| 1401 PassphraseType::CUSTOM_PASSPHRASE, kCurKey); |
1363 | 1402 |
1364 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, | 1403 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, |
1365 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked | 1404 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked |
1366 // during a previous instance) so get it from the Cryptographer. | 1405 // during a previous instance) so get it from the Cryptographer. |
1367 std::string passphrase_bootstrap_token; | 1406 std::string passphrase_bootstrap_token; |
1368 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); | 1407 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); |
1369 VerifyRestoreAfterCustomPassphrase(migration_time, kCurKey, | 1408 VerifyRestoreAfterCustomPassphrase( |
1370 passphrase_bootstrap_token, | 1409 migration_time, kCurKey, passphrase_bootstrap_token, |
1371 captured_nigori_state, CUSTOM_PASSPHRASE); | 1410 captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE); |
1372 } | 1411 } |
1373 | 1412 |
1374 // Test that if we receive the keystore key after receiving a migrated nigori | 1413 // Test that if we receive the keystore key after receiving a migrated nigori |
1375 // node, we properly use the keystore decryptor token to decrypt the keybag. | 1414 // node, we properly use the keystore decryptor token to decrypt the keybag. |
1376 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) { | 1415 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) { |
1377 const char kCurKey[] = "cur"; | 1416 const char kCurKey[] = "cur"; |
1378 sync_pb::EncryptedData keystore_decryptor_token; | 1417 sync_pb::EncryptedData keystore_decryptor_token; |
1379 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1418 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1380 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1419 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1381 other_cryptographer.AddKey(cur_key); | 1420 other_cryptographer.AddKey(cur_key); |
1382 EXPECT_TRUE(other_cryptographer.is_ready()); | 1421 EXPECT_TRUE(other_cryptographer.is_ready()); |
1383 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( | 1422 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( |
1384 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); | 1423 other_cryptographer, kKeystoreKey, &keystore_decryptor_token)); |
1385 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 1424 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
1386 EXPECT_FALSE(GetCryptographer()->is_ready()); | 1425 EXPECT_FALSE(GetCryptographer()->is_ready()); |
1387 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1426 EXPECT_NE(encryption_handler()->GetPassphraseType(), |
| 1427 PassphraseType::KEYSTORE_PASSPHRASE); |
1388 | 1428 |
1389 // Now build a nigori node with the generated keystore decryptor token and | 1429 // Now build a nigori node with the generated keystore decryptor token and |
1390 // initialize the encryption handler with it. The cryptographer should be | 1430 // initialize the encryption handler with it. The cryptographer should be |
1391 // initialized properly to decrypt both kCurKey and kKeystoreKey. | 1431 // initialized properly to decrypt both kCurKey and kKeystoreKey. |
1392 { | 1432 { |
1393 WriteTransaction trans(FROM_HERE, user_share()); | 1433 WriteTransaction trans(FROM_HERE, user_share()); |
1394 WriteNode nigori_node(&trans); | 1434 WriteNode nigori_node(&trans); |
1395 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1435 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1396 sync_pb::NigoriSpecifics nigori; | 1436 sync_pb::NigoriSpecifics nigori; |
1397 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1437 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1398 keystore_decryptor_token); | 1438 keystore_decryptor_token); |
1399 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1439 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1400 nigori.set_keybag_is_frozen(true); | 1440 nigori.set_keybag_is_frozen(true); |
1401 nigori.set_keystore_migration_time(1); | 1441 nigori.set_keystore_migration_time(1); |
1402 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1442 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1403 | 1443 |
1404 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1444 EXPECT_CALL(*observer(), OnPassphraseTypeChanged( |
| 1445 PassphraseType::KEYSTORE_PASSPHRASE, _)); |
1405 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1446 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1406 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 1447 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1407 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1448 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1408 nigori_node.SetNigoriSpecifics(nigori); | 1449 nigori_node.SetNigoriSpecifics(nigori); |
1409 } | 1450 } |
1410 // Run any tasks posted via AppplyNigoriUpdate. | 1451 // Run any tasks posted via AppplyNigoriUpdate. |
1411 PumpLoop(); | 1452 PumpLoop(); |
1412 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1453 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1413 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1454 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1414 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1455 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1456 PassphraseType::KEYSTORE_PASSPHRASE); |
1415 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1457 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1416 Mock::VerifyAndClearExpectations(observer()); | 1458 Mock::VerifyAndClearExpectations(observer()); |
1417 | 1459 |
1418 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1460 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1419 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1461 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1420 EXPECT_CALL(*observer(), | 1462 EXPECT_CALL(*observer(), |
1421 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1463 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1422 { | 1464 { |
1423 EXPECT_CALL(*observer(), | 1465 EXPECT_CALL(*observer(), |
1424 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1466 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1425 ReadTransaction trans(FROM_HERE, user_share()); | 1467 ReadTransaction trans(FROM_HERE, user_share()); |
1426 encryption_handler()->SetKeystoreKeys( | 1468 encryption_handler()->SetKeystoreKeys( |
1427 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 1469 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1428 } | 1470 } |
1429 PumpLoop(); | 1471 PumpLoop(); |
1430 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1472 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1431 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1473 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1432 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1474 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1475 PassphraseType::KEYSTORE_PASSPHRASE); |
1433 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1476 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1434 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey); | 1477 VerifyMigratedNigoriWithTimestamp(1, PassphraseType::KEYSTORE_PASSPHRASE, |
| 1478 kCurKey); |
1435 | 1479 |
1436 // Check that the cryptographer still encrypts with the current key. | 1480 // Check that the cryptographer still encrypts with the current key. |
1437 sync_pb::EncryptedData current_encrypted; | 1481 sync_pb::EncryptedData current_encrypted; |
1438 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1482 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1439 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1483 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1440 | 1484 |
1441 // Check that the cryptographer can decrypt keystore key based encryption. | 1485 // Check that the cryptographer can decrypt keystore key based encryption. |
1442 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1486 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1443 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1487 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1444 keystore_cryptographer.AddKey(keystore_key); | 1488 keystore_cryptographer.AddKey(keystore_key); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1476 nigori.set_keystore_migration_time(migration_time); | 1520 nigori.set_keystore_migration_time(migration_time); |
1477 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1521 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1478 nigori_node.SetNigoriSpecifics(nigori); | 1522 nigori_node.SetNigoriSpecifics(nigori); |
1479 EXPECT_CALL(*observer(), | 1523 EXPECT_CALL(*observer(), |
1480 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1524 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1481 encryption_handler()->SetKeystoreKeys( | 1525 encryption_handler()->SetKeystoreKeys( |
1482 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 1526 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1483 } | 1527 } |
1484 | 1528 |
1485 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1529 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1486 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1530 EXPECT_CALL(*observer(), |
| 1531 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
1487 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1532 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1488 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 1533 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1489 EXPECT_CALL(*observer(), | 1534 EXPECT_CALL(*observer(), |
1490 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1535 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1491 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1536 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1492 encryption_handler()->Init(); | 1537 encryption_handler()->Init(); |
1493 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1538 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1494 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1539 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1495 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1540 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1541 PassphraseType::KEYSTORE_PASSPHRASE); |
1496 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1542 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1497 Mock::VerifyAndClearExpectations(observer()); | 1543 Mock::VerifyAndClearExpectations(observer()); |
1498 | 1544 |
1499 const char kNewKey[] = "new_key"; | 1545 const char kNewKey[] = "new_key"; |
1500 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1546 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1501 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 1547 EXPECT_CALL(*observer(), |
| 1548 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
1502 SyncEncryptionHandler::NigoriState captured_nigori_state; | 1549 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1503 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 1550 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1504 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 1551 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1505 std::string captured_bootstrap_token; | 1552 std::string captured_bootstrap_token; |
1506 EXPECT_CALL(*observer(), | 1553 EXPECT_CALL(*observer(), |
1507 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 1554 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
1508 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 1555 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
1509 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1556 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1510 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 1557 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1511 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); | 1558 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); |
1512 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); | 1559 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); |
1513 Mock::VerifyAndClearExpectations(observer()); | 1560 Mock::VerifyAndClearExpectations(observer()); |
1514 | 1561 |
1515 EXPECT_FALSE(captured_bootstrap_token.empty()); | 1562 EXPECT_FALSE(captured_bootstrap_token.empty()); |
1516 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1563 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1517 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1564 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1518 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1565 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1566 PassphraseType::CUSTOM_PASSPHRASE); |
1519 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1567 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1520 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); | 1568 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); |
1521 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey); | 1569 VerifyMigratedNigoriWithTimestamp(migration_time, |
| 1570 PassphraseType::CUSTOM_PASSPHRASE, kNewKey); |
1522 | 1571 |
1523 // Check that the cryptographer can decrypt the old key. | 1572 // Check that the cryptographer can decrypt the old key. |
1524 sync_pb::EncryptedData old_encrypted; | 1573 sync_pb::EncryptedData old_encrypted; |
1525 other_cryptographer.EncryptString("string", &old_encrypted); | 1574 other_cryptographer.EncryptString("string", &old_encrypted); |
1526 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted)); | 1575 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted)); |
1527 | 1576 |
1528 // Check that the cryptographer can decrypt keystore key based encryption. | 1577 // Check that the cryptographer can decrypt keystore key based encryption. |
1529 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1578 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1530 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; | 1579 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
1531 keystore_cryptographer.AddKey(keystore_key); | 1580 keystore_cryptographer.AddKey(keystore_key); |
1532 sync_pb::EncryptedData keystore_encrypted; | 1581 sync_pb::EncryptedData keystore_encrypted; |
1533 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1582 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1534 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1583 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1535 | 1584 |
1536 // Check the the cryptographer is encrypting with the new key. | 1585 // Check the the cryptographer is encrypting with the new key. |
1537 KeyParams new_key = {"localhost", "dummy", kNewKey}; | 1586 KeyParams new_key = {"localhost", "dummy", kNewKey}; |
1538 Cryptographer new_cryptographer(GetCryptographer()->encryptor()); | 1587 Cryptographer new_cryptographer(GetCryptographer()->encryptor()); |
1539 new_cryptographer.AddKey(new_key); | 1588 new_cryptographer.AddKey(new_key); |
1540 sync_pb::EncryptedData new_encrypted; | 1589 sync_pb::EncryptedData new_encrypted; |
1541 new_cryptographer.EncryptString("string", &new_encrypted); | 1590 new_cryptographer.EncryptString("string", &new_encrypted); |
1542 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted)); | 1591 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted)); |
1543 | 1592 |
1544 // Now verify that we can restore the current state using the captured | 1593 // Now verify that we can restore the current state using the captured |
1545 // bootstrap token and nigori state. | 1594 // bootstrap token and nigori state. |
1546 VerifyRestoreAfterCustomPassphrase(migration_time, kNewKey, | 1595 VerifyRestoreAfterCustomPassphrase( |
1547 captured_bootstrap_token, | 1596 migration_time, kNewKey, captured_bootstrap_token, captured_nigori_state, |
1548 captured_nigori_state, CUSTOM_PASSPHRASE); | 1597 PassphraseType::CUSTOM_PASSPHRASE); |
1549 } | 1598 } |
1550 | 1599 |
1551 // Test that if a client without a keystore key (e.g. one without keystore | 1600 // Test that if a client without a keystore key (e.g. one without keystore |
1552 // encryption enabled) receives a migrated nigori and then attempts to set a | 1601 // encryption enabled) receives a migrated nigori and then attempts to set a |
1553 // custom passphrase, it also enables encrypt everything. The nigori node | 1602 // custom passphrase, it also enables encrypt everything. The nigori node |
1554 // should remain migrated. | 1603 // should remain migrated. |
1555 TEST_F(SyncEncryptionHandlerImplTest, | 1604 TEST_F(SyncEncryptionHandlerImplTest, |
1556 SetCustomPassAfterMigrationNoKeystoreKey) { | 1605 SetCustomPassAfterMigrationNoKeystoreKey) { |
1557 const char kOldKey[] = "old"; | 1606 const char kOldKey[] = "old"; |
1558 sync_pb::EncryptedData keystore_decryptor_token; | 1607 sync_pb::EncryptedData keystore_decryptor_token; |
(...skipping 18 matching lines...) Expand all Loading... |
1577 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1626 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1578 keystore_decryptor_token); | 1627 keystore_decryptor_token); |
1579 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1628 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1580 nigori.set_keybag_is_frozen(true); | 1629 nigori.set_keybag_is_frozen(true); |
1581 nigori.set_keystore_migration_time(migration_time); | 1630 nigori.set_keystore_migration_time(migration_time); |
1582 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1631 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1583 nigori_node.SetNigoriSpecifics(nigori); | 1632 nigori_node.SetNigoriSpecifics(nigori); |
1584 } | 1633 } |
1585 | 1634 |
1586 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 1635 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1587 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1636 EXPECT_CALL(*observer(), |
| 1637 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
1588 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1638 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1589 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 1639 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1590 encryption_handler()->Init(); | 1640 encryption_handler()->Init(); |
1591 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1641 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1592 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1642 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1593 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1643 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1644 PassphraseType::KEYSTORE_PASSPHRASE); |
1594 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1645 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1595 Mock::VerifyAndClearExpectations(observer()); | 1646 Mock::VerifyAndClearExpectations(observer()); |
1596 | 1647 |
1597 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1648 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1598 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1649 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1599 EXPECT_CALL(*observer(), | 1650 EXPECT_CALL(*observer(), |
1600 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1651 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1601 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1652 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1602 encryption_handler()->SetDecryptionPassphrase(kOldKey); | 1653 encryption_handler()->SetDecryptionPassphrase(kOldKey); |
1603 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1654 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1604 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1655 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1605 Mock::VerifyAndClearExpectations(observer()); | 1656 Mock::VerifyAndClearExpectations(observer()); |
1606 | 1657 |
1607 const char kNewKey[] = "new_key"; | 1658 const char kNewKey[] = "new_key"; |
1608 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1659 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1609 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); | 1660 EXPECT_CALL(*observer(), |
| 1661 OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _)); |
1610 SyncEncryptionHandler::NigoriState captured_nigori_state; | 1662 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1611 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 1663 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1612 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 1664 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1613 std::string captured_bootstrap_token; | 1665 std::string captured_bootstrap_token; |
1614 EXPECT_CALL(*observer(), | 1666 EXPECT_CALL(*observer(), |
1615 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 1667 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
1616 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 1668 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
1617 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1669 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1618 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 1670 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1619 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); | 1671 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2); |
1620 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); | 1672 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); |
1621 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1673 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1622 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1674 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1623 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); | 1675 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1676 PassphraseType::CUSTOM_PASSPHRASE); |
1624 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1677 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1625 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); | 1678 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); |
1626 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey); | 1679 VerifyMigratedNigoriWithTimestamp(migration_time, |
| 1680 PassphraseType::CUSTOM_PASSPHRASE, kNewKey); |
1627 | 1681 |
1628 // Check that the cryptographer can decrypt the old key. | 1682 // Check that the cryptographer can decrypt the old key. |
1629 sync_pb::EncryptedData old_encrypted; | 1683 sync_pb::EncryptedData old_encrypted; |
1630 other_cryptographer.EncryptString("string", &old_encrypted); | 1684 other_cryptographer.EncryptString("string", &old_encrypted); |
1631 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted)); | 1685 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted)); |
1632 | 1686 |
1633 // Check that the cryptographer can still decrypt keystore key based | 1687 // Check that the cryptographer can still decrypt keystore key based |
1634 // encryption (should have been extracted from the encryption keybag). | 1688 // encryption (should have been extracted from the encryption keybag). |
1635 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1689 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1636 keystore_cryptographer.AddKey(keystore_key); | 1690 keystore_cryptographer.AddKey(keystore_key); |
1637 sync_pb::EncryptedData keystore_encrypted; | 1691 sync_pb::EncryptedData keystore_encrypted; |
1638 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1692 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1639 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1693 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1640 | 1694 |
1641 // Check the the cryptographer is encrypting with the new key. | 1695 // Check the the cryptographer is encrypting with the new key. |
1642 KeyParams new_key = {"localhost", "dummy", kNewKey}; | 1696 KeyParams new_key = {"localhost", "dummy", kNewKey}; |
1643 Cryptographer new_cryptographer(GetCryptographer()->encryptor()); | 1697 Cryptographer new_cryptographer(GetCryptographer()->encryptor()); |
1644 new_cryptographer.AddKey(new_key); | 1698 new_cryptographer.AddKey(new_key); |
1645 sync_pb::EncryptedData new_encrypted; | 1699 sync_pb::EncryptedData new_encrypted; |
1646 new_cryptographer.EncryptString("string", &new_encrypted); | 1700 new_cryptographer.EncryptString("string", &new_encrypted); |
1647 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted)); | 1701 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted)); |
1648 | 1702 |
1649 // Now verify that we can restore the current state using the captured | 1703 // Now verify that we can restore the current state using the captured |
1650 // bootstrap token and nigori state. | 1704 // bootstrap token and nigori state. |
1651 VerifyRestoreAfterCustomPassphrase(migration_time, kNewKey, | 1705 VerifyRestoreAfterCustomPassphrase( |
1652 captured_bootstrap_token, | 1706 migration_time, kNewKey, captured_bootstrap_token, captured_nigori_state, |
1653 captured_nigori_state, CUSTOM_PASSPHRASE); | 1707 PassphraseType::CUSTOM_PASSPHRASE); |
1654 } | 1708 } |
1655 | 1709 |
1656 // Test that if a client without a keystore key (e.g. one without keystore | 1710 // Test that if a client without a keystore key (e.g. one without keystore |
1657 // encryption enabled) receives a migrated nigori and then attempts to set a | 1711 // encryption enabled) receives a migrated nigori and then attempts to set a |
1658 // new implicit passphrase, we do not modify the nigori node (the implicit | 1712 // new implicit passphrase, we do not modify the nigori node (the implicit |
1659 // passphrase is dropped). | 1713 // passphrase is dropped). |
1660 TEST_F(SyncEncryptionHandlerImplTest, | 1714 TEST_F(SyncEncryptionHandlerImplTest, |
1661 SetImplicitPassAfterMigrationNoKeystoreKey) { | 1715 SetImplicitPassAfterMigrationNoKeystoreKey) { |
1662 const char kOldKey[] = "old"; | 1716 const char kOldKey[] = "old"; |
1663 sync_pb::EncryptedData keystore_decryptor_token; | 1717 sync_pb::EncryptedData keystore_decryptor_token; |
(...skipping 17 matching lines...) Expand all Loading... |
1681 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1735 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1682 keystore_decryptor_token); | 1736 keystore_decryptor_token); |
1683 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1737 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1684 nigori.set_keybag_is_frozen(true); | 1738 nigori.set_keybag_is_frozen(true); |
1685 nigori.set_keystore_migration_time(1); | 1739 nigori.set_keystore_migration_time(1); |
1686 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1740 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1687 nigori_node.SetNigoriSpecifics(nigori); | 1741 nigori_node.SetNigoriSpecifics(nigori); |
1688 } | 1742 } |
1689 | 1743 |
1690 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 1744 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1691 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1745 EXPECT_CALL(*observer(), |
| 1746 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
1692 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1747 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1693 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 1748 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1694 encryption_handler()->Init(); | 1749 encryption_handler()->Init(); |
1695 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1750 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1696 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1751 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1697 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1752 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1753 PassphraseType::KEYSTORE_PASSPHRASE); |
1698 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1754 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1699 Mock::VerifyAndClearExpectations(observer()); | 1755 Mock::VerifyAndClearExpectations(observer()); |
1700 | 1756 |
1701 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1757 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1702 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1758 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1703 EXPECT_CALL(*observer(), | 1759 EXPECT_CALL(*observer(), |
1704 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1760 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
1705 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1761 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1706 encryption_handler()->SetDecryptionPassphrase(kOldKey); | 1762 encryption_handler()->SetDecryptionPassphrase(kOldKey); |
1707 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1763 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1708 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1764 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1709 Mock::VerifyAndClearExpectations(observer()); | 1765 Mock::VerifyAndClearExpectations(observer()); |
1710 | 1766 |
1711 // Should get dropped on the floor silently. | 1767 // Should get dropped on the floor silently. |
1712 const char kNewKey[] = "new_key"; | 1768 const char kNewKey[] = "new_key"; |
1713 encryption_handler()->SetEncryptionPassphrase(kNewKey, false); | 1769 encryption_handler()->SetEncryptionPassphrase(kNewKey, false); |
1714 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1770 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1715 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1771 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1716 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1772 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1773 PassphraseType::KEYSTORE_PASSPHRASE); |
1717 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1774 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1718 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kOldKey); | 1775 VerifyMigratedNigoriWithTimestamp(1, PassphraseType::KEYSTORE_PASSPHRASE, |
| 1776 kOldKey); |
1719 | 1777 |
1720 // Check that the cryptographer can decrypt the old key. | 1778 // Check that the cryptographer can decrypt the old key. |
1721 sync_pb::EncryptedData old_encrypted; | 1779 sync_pb::EncryptedData old_encrypted; |
1722 other_cryptographer.EncryptString("string", &old_encrypted); | 1780 other_cryptographer.EncryptString("string", &old_encrypted); |
1723 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(old_encrypted)); | 1781 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(old_encrypted)); |
1724 | 1782 |
1725 // Check that the cryptographer can still decrypt keystore key based | 1783 // Check that the cryptographer can still decrypt keystore key based |
1726 // encryption (due to extracting the keystore key from the encryption keybag). | 1784 // encryption (due to extracting the keystore key from the encryption keybag). |
1727 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1785 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1728 keystore_cryptographer.AddKey(keystore_key); | 1786 keystore_cryptographer.AddKey(keystore_key); |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1767 sync_pb::NigoriSpecifics nigori; | 1825 sync_pb::NigoriSpecifics nigori; |
1768 nigori.mutable_keystore_decryptor_token()->CopyFrom( | 1826 nigori.mutable_keystore_decryptor_token()->CopyFrom( |
1769 keystore_decryptor_token); | 1827 keystore_decryptor_token); |
1770 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1828 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1771 nigori.set_keybag_is_frozen(true); | 1829 nigori.set_keybag_is_frozen(true); |
1772 nigori.set_keystore_migration_time(migration_time); | 1830 nigori.set_keystore_migration_time(migration_time); |
1773 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1831 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1774 nigori_node.SetNigoriSpecifics(nigori); | 1832 nigori_node.SetNigoriSpecifics(nigori); |
1775 } | 1833 } |
1776 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 1834 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
1777 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1835 EXPECT_CALL(*observer(), |
| 1836 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
1778 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1837 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1779 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 1838 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1780 encryption_handler()->Init(); | 1839 encryption_handler()->Init(); |
1781 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1840 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1782 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); | 1841 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); |
1783 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1842 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1843 PassphraseType::KEYSTORE_PASSPHRASE); |
1784 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1844 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1785 Mock::VerifyAndClearExpectations(observer()); | 1845 Mock::VerifyAndClearExpectations(observer()); |
1786 | 1846 |
1787 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 1847 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
1788 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1848 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1789 std::string captured_bootstrap_token; | 1849 std::string captured_bootstrap_token; |
1790 EXPECT_CALL(*observer(), | 1850 EXPECT_CALL(*observer(), |
1791 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 1851 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
1792 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 1852 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
1793 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1853 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1794 encryption_handler()->SetDecryptionPassphrase(kCurKey); | 1854 encryption_handler()->SetDecryptionPassphrase(kCurKey); |
1795 Mock::VerifyAndClearExpectations(observer()); | 1855 Mock::VerifyAndClearExpectations(observer()); |
1796 | 1856 |
1797 EXPECT_CALL(*observer(), | 1857 EXPECT_CALL(*observer(), OnPassphraseTypeChanged( |
1798 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); | 1858 PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, _)); |
1799 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1859 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1800 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); | 1860 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)); |
1801 SyncEncryptionHandler::NigoriState captured_nigori_state; | 1861 SyncEncryptionHandler::NigoriState captured_nigori_state; |
1802 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 1862 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
1803 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 1863 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
1804 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1864 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1805 encryption_handler()->EnableEncryptEverything(); | 1865 encryption_handler()->EnableEncryptEverything(); |
1806 Mock::VerifyAndClearExpectations(observer()); | 1866 Mock::VerifyAndClearExpectations(observer()); |
1807 | 1867 |
1808 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1868 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1809 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1869 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1810 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, | 1870 EXPECT_EQ(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, |
1811 encryption_handler()->GetPassphraseType()); | 1871 encryption_handler()->GetPassphraseType()); |
1812 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); | 1872 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); |
1813 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey); | 1873 VerifyMigratedNigoriWithTimestamp( |
| 1874 1, PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, kCurKey); |
1814 | 1875 |
1815 // Check that the cryptographer is encrypting using the frozen current key. | 1876 // Check that the cryptographer is encrypting using the frozen current key. |
1816 sync_pb::EncryptedData current_encrypted; | 1877 sync_pb::EncryptedData current_encrypted; |
1817 other_cryptographer.EncryptString("string", ¤t_encrypted); | 1878 other_cryptographer.EncryptString("string", ¤t_encrypted); |
1818 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); | 1879 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); |
1819 | 1880 |
1820 // Check that the cryptographer can still decrypt keystore key based | 1881 // Check that the cryptographer can still decrypt keystore key based |
1821 // encryption (due to extracting the keystore key from the encryption keybag). | 1882 // encryption (due to extracting the keystore key from the encryption keybag). |
1822 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1883 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
1823 keystore_cryptographer.AddKey(keystore_key); | 1884 keystore_cryptographer.AddKey(keystore_key); |
1824 sync_pb::EncryptedData keystore_encrypted; | 1885 sync_pb::EncryptedData keystore_encrypted; |
1825 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1886 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
1826 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1887 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
1827 | 1888 |
1828 VerifyRestoreAfterCustomPassphrase( | 1889 VerifyRestoreAfterCustomPassphrase( |
1829 migration_time, kCurKey, captured_bootstrap_token, captured_nigori_state, | 1890 migration_time, kCurKey, captured_bootstrap_token, captured_nigori_state, |
1830 FROZEN_IMPLICIT_PASSPHRASE); | 1891 PassphraseType::FROZEN_IMPLICIT_PASSPHRASE); |
1831 } | 1892 } |
1832 | 1893 |
1833 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but | 1894 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but |
1834 // using an old default key (i.e. old GAIA password), we should overwrite the | 1895 // using an old default key (i.e. old GAIA password), we should overwrite the |
1835 // nigori, updating the keybag and keystore decryptor. | 1896 // nigori, updating the keybag and keystore decryptor. |
1836 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriWithOldPassphrase) { | 1897 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriWithOldPassphrase) { |
1837 const char kOldKey[] = "old"; | 1898 const char kOldKey[] = "old"; |
1838 const char kCurKey[] = "cur"; | 1899 const char kCurKey[] = "cur"; |
1839 sync_pb::EncryptedData encrypted; | 1900 sync_pb::EncryptedData encrypted; |
1840 KeyParams old_key = {"localhost", "dummy", kOldKey}; | 1901 KeyParams old_key = {"localhost", "dummy", kOldKey}; |
1841 KeyParams cur_key = {"localhost", "dummy", kCurKey}; | 1902 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
1842 GetCryptographer()->AddKey(old_key); | 1903 GetCryptographer()->AddKey(old_key); |
1843 GetCryptographer()->AddKey(cur_key); | 1904 GetCryptographer()->AddKey(cur_key); |
1844 | 1905 |
1845 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1906 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1846 other_cryptographer.AddKey(old_key); | 1907 other_cryptographer.AddKey(old_key); |
1847 EXPECT_TRUE(other_cryptographer.is_ready()); | 1908 EXPECT_TRUE(other_cryptographer.is_ready()); |
1848 | 1909 |
1849 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1910 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1850 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 1911 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
1851 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1912 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1852 encryption_handler()->Init(); | 1913 encryption_handler()->Init(); |
1853 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1914 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1854 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1915 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1855 | 1916 |
1856 { | 1917 { |
1857 EXPECT_CALL(*observer(), | 1918 EXPECT_CALL(*observer(), |
1858 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 1919 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
1859 ReadTransaction trans(FROM_HERE, user_share()); | 1920 ReadTransaction trans(FROM_HERE, user_share()); |
1860 encryption_handler()->SetKeystoreKeys( | 1921 encryption_handler()->SetKeystoreKeys( |
1861 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 1922 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
1862 } | 1923 } |
1863 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 1924 EXPECT_CALL(*observer(), |
| 1925 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
1864 PumpLoop(); | 1926 PumpLoop(); |
1865 Mock::VerifyAndClearExpectations(observer()); | 1927 Mock::VerifyAndClearExpectations(observer()); |
1866 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1928 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1867 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1929 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
1868 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); | 1930 PassphraseType::KEYSTORE_PASSPHRASE); |
| 1931 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kCurKey); |
1869 | 1932 |
1870 // Now build an old keystore passphrase nigori node. | 1933 // Now build an old keystore passphrase nigori node. |
1871 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 1934 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
1872 EXPECT_CALL(*observer(), OnEncryptionComplete()); | 1935 EXPECT_CALL(*observer(), OnEncryptionComplete()); |
1873 { | 1936 { |
1874 WriteTransaction trans(FROM_HERE, user_share()); | 1937 WriteTransaction trans(FROM_HERE, user_share()); |
1875 WriteNode nigori_node(&trans); | 1938 WriteNode nigori_node(&trans); |
1876 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); | 1939 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); |
1877 sync_pb::NigoriSpecifics nigori; | 1940 sync_pb::NigoriSpecifics nigori; |
1878 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); | 1941 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
1879 other_cryptographer.AddKey(old_key); | 1942 other_cryptographer.AddKey(old_key); |
1880 encryption_handler()->GetKeystoreDecryptor( | 1943 encryption_handler()->GetKeystoreDecryptor( |
1881 other_cryptographer, kKeystoreKey, | 1944 other_cryptographer, kKeystoreKey, |
1882 nigori.mutable_keystore_decryptor_token()); | 1945 nigori.mutable_keystore_decryptor_token()); |
1883 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); | 1946 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
1884 nigori.set_keybag_is_frozen(true); | 1947 nigori.set_keybag_is_frozen(true); |
1885 nigori.set_encrypt_everything(false); | 1948 nigori.set_encrypt_everything(false); |
1886 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); | 1949 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
1887 nigori.set_keystore_migration_time(1); | 1950 nigori.set_keystore_migration_time(1); |
1888 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 1951 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
1889 nigori_node.SetNigoriSpecifics(nigori); | 1952 nigori_node.SetNigoriSpecifics(nigori); |
1890 } | 1953 } |
1891 PumpLoop(); | 1954 PumpLoop(); |
1892 | 1955 |
1893 // Verify we're still migrated and have proper encryption state. | 1956 // Verify we're still migrated and have proper encryption state. |
1894 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 1957 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1895 EXPECT_TRUE(GetCryptographer()->is_ready()); | 1958 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1896 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 1959 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 1960 PassphraseType::KEYSTORE_PASSPHRASE); |
1897 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 1961 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1898 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); | 1962 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kCurKey); |
1899 } | 1963 } |
1900 | 1964 |
1901 // Trigger a key rotation upon receiving new keys if we already had a keystore | 1965 // Trigger a key rotation upon receiving new keys if we already had a keystore |
1902 // migrated nigori with the gaia key as the default (still in backwards | 1966 // migrated nigori with the gaia key as the default (still in backwards |
1903 // compatible mode). | 1967 // compatible mode). |
1904 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefault) { | 1968 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefault) { |
1905 // Destroy the existing nigori node so we init without a nigori node. | 1969 // Destroy the existing nigori node so we init without a nigori node. |
1906 TearDown(); | 1970 TearDown(); |
1907 test_user_share_.SetUp(); | 1971 test_user_share_.SetUp(); |
1908 SetUpEncryption(); | 1972 SetUpEncryption(); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1940 } | 2004 } |
1941 // Pump for any posted tasks. | 2005 // Pump for any posted tasks. |
1942 PumpLoop(); | 2006 PumpLoop(); |
1943 Mock::VerifyAndClearExpectations(observer()); | 2007 Mock::VerifyAndClearExpectations(observer()); |
1944 | 2008 |
1945 // Verify we're still migrated and have proper encryption state. We should | 2009 // Verify we're still migrated and have proper encryption state. We should |
1946 // have rotated the keybag so that it's now encrypted with the newest keystore | 2010 // have rotated the keybag so that it's now encrypted with the newest keystore |
1947 // key (instead of the old gaia key). | 2011 // key (instead of the old gaia key). |
1948 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 2012 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
1949 EXPECT_TRUE(GetCryptographer()->is_ready()); | 2013 EXPECT_TRUE(GetCryptographer()->is_ready()); |
1950 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 2014 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 2015 PassphraseType::KEYSTORE_PASSPHRASE); |
1951 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 2016 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
1952 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 2017 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey); |
1953 } | 2018 } |
1954 | 2019 |
1955 // Trigger a key rotation upon receiving new keys if we already had a keystore | 2020 // Trigger a key rotation upon receiving new keys if we already had a keystore |
1956 // migrated nigori with the keystore key as the default. | 2021 // migrated nigori with the keystore key as the default. |
1957 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysKeystoreDefault) { | 2022 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysKeystoreDefault) { |
1958 // Destroy the existing nigori node so we init without a nigori node. | 2023 // Destroy the existing nigori node so we init without a nigori node. |
1959 TearDown(); | 2024 TearDown(); |
1960 test_user_share_.SetUp(); | 2025 test_user_share_.SetUp(); |
1961 SetUpEncryption(); | 2026 SetUpEncryption(); |
1962 | 2027 |
(...skipping 29 matching lines...) Expand all Loading... |
1992 } | 2057 } |
1993 // Pump for any posted tasks. | 2058 // Pump for any posted tasks. |
1994 PumpLoop(); | 2059 PumpLoop(); |
1995 Mock::VerifyAndClearExpectations(observer()); | 2060 Mock::VerifyAndClearExpectations(observer()); |
1996 | 2061 |
1997 // Verify we're still migrated and have proper encryption state. We should | 2062 // Verify we're still migrated and have proper encryption state. We should |
1998 // have rotated the keybag so that it's now encrypted with the newest keystore | 2063 // have rotated the keybag so that it's now encrypted with the newest keystore |
1999 // key (instead of the old gaia key). | 2064 // key (instead of the old gaia key). |
2000 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 2065 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2001 EXPECT_TRUE(GetCryptographer()->is_ready()); | 2066 EXPECT_TRUE(GetCryptographer()->is_ready()); |
2002 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 2067 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 2068 PassphraseType::KEYSTORE_PASSPHRASE); |
2003 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 2069 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
2004 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 2070 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey); |
2005 } | 2071 } |
2006 | 2072 |
2007 // Trigger a key rotation upon when a pending gaia passphrase is resolved. | 2073 // Trigger a key rotation upon when a pending gaia passphrase is resolved. |
2008 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysAfterPendingGaiaResolved) { | 2074 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysAfterPendingGaiaResolved) { |
2009 const char kOldGaiaKey[] = "old_gaia_key"; | 2075 const char kOldGaiaKey[] = "old_gaia_key"; |
2010 const char kRawOldKeystoreKey[] = "old_keystore_key"; | 2076 const char kRawOldKeystoreKey[] = "old_keystore_key"; |
2011 | 2077 |
2012 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 2078 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
2013 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE); | 2079 InitUnmigratedNigori(kOldGaiaKey, PassphraseType::IMPLICIT_PASSPHRASE); |
2014 | 2080 |
2015 { | 2081 { |
2016 // Pass multiple keystore keys, signaling a rotation has happened. | 2082 // Pass multiple keystore keys, signaling a rotation has happened. |
2017 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2083 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2018 keys.Add()->assign(kRawOldKeystoreKey); | 2084 keys.Add()->assign(kRawOldKeystoreKey); |
2019 keys.Add()->assign(kRawKeystoreKey); | 2085 keys.Add()->assign(kRawKeystoreKey); |
2020 ReadTransaction trans(FROM_HERE, user_share()); | 2086 ReadTransaction trans(FROM_HERE, user_share()); |
2021 EXPECT_CALL(*observer(), | 2087 EXPECT_CALL(*observer(), |
2022 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2088 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2023 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); | 2089 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2024 } | 2090 } |
2025 PumpLoop(); | 2091 PumpLoop(); |
2026 Mock::VerifyAndClearExpectations(observer()); | 2092 Mock::VerifyAndClearExpectations(observer()); |
2027 | 2093 |
2028 // Resolve the pending keys. This should trigger the key rotation. | 2094 // Resolve the pending keys. This should trigger the key rotation. |
2029 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2095 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2030 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 2096 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2031 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 2097 EXPECT_CALL(*observer(), |
| 2098 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
2032 EXPECT_CALL(*observer(), | 2099 EXPECT_CALL(*observer(), |
2033 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 2100 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
2034 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); | 2101 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); |
2035 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 2102 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
2036 encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey); | 2103 encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey); |
2037 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 2104 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2038 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 2105 EXPECT_EQ(PassphraseType::KEYSTORE_PASSPHRASE, |
2039 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 2106 encryption_handler()->GetPassphraseType()); |
| 2107 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey); |
2040 } | 2108 } |
2041 | 2109 |
2042 // When signing in for the first time, make sure we can rotate keys if we | 2110 // When signing in for the first time, make sure we can rotate keys if we |
2043 // already have a keystore migrated nigori. | 2111 // already have a keystore migrated nigori. |
2044 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) { | 2112 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) { |
2045 // Destroy the existing nigori node so we init without a nigori node. | 2113 // Destroy the existing nigori node so we init without a nigori node. |
2046 TearDown(); | 2114 TearDown(); |
2047 test_user_share_.SetUp(); | 2115 test_user_share_.SetUp(); |
2048 SetUpEncryption(); | 2116 SetUpEncryption(); |
2049 | 2117 |
(...skipping 19 matching lines...) Expand all Loading... |
2069 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 2137 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2070 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key); | 2138 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key); |
2071 PumpLoop(); | 2139 PumpLoop(); |
2072 Mock::VerifyAndClearExpectations(observer()); | 2140 Mock::VerifyAndClearExpectations(observer()); |
2073 | 2141 |
2074 // Verify we're still migrated and have proper encryption state. We should | 2142 // Verify we're still migrated and have proper encryption state. We should |
2075 // have rotated the keybag so that it's now encrypted with the newest keystore | 2143 // have rotated the keybag so that it's now encrypted with the newest keystore |
2076 // key (instead of the old gaia key). | 2144 // key (instead of the old gaia key). |
2077 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 2145 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2078 EXPECT_TRUE(GetCryptographer()->is_ready()); | 2146 EXPECT_TRUE(GetCryptographer()->is_ready()); |
2079 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); | 2147 EXPECT_EQ(encryption_handler()->GetPassphraseType(), |
| 2148 PassphraseType::KEYSTORE_PASSPHRASE); |
2080 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); | 2149 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); |
2081 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 2150 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey); |
2082 } | 2151 } |
2083 | 2152 |
2084 // Trigger a key rotation when a migrated nigori (with an old keystore key) is | 2153 // Trigger a key rotation when a migrated nigori (with an old keystore key) is |
2085 // applied. | 2154 // applied. |
2086 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysWhenMigratedNigoriArrives) { | 2155 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysWhenMigratedNigoriArrives) { |
2087 const char kOldGaiaKey[] = "old_gaia_key"; | 2156 const char kOldGaiaKey[] = "old_gaia_key"; |
2088 const char kRawOldKeystoreKey[] = "old_keystore_key"; | 2157 const char kRawOldKeystoreKey[] = "old_keystore_key"; |
2089 std::string old_keystore_key; | 2158 std::string old_keystore_key; |
2090 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); | 2159 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); |
2091 | 2160 |
2092 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 2161 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
2093 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE); | 2162 InitUnmigratedNigori(kOldGaiaKey, PassphraseType::IMPLICIT_PASSPHRASE); |
2094 | 2163 |
2095 { | 2164 { |
2096 // Pass multiple keystore keys, signaling a rotation has happened. | 2165 // Pass multiple keystore keys, signaling a rotation has happened. |
2097 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2166 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2098 keys.Add()->assign(kRawOldKeystoreKey); | 2167 keys.Add()->assign(kRawOldKeystoreKey); |
2099 keys.Add()->assign(kRawKeystoreKey); | 2168 keys.Add()->assign(kRawKeystoreKey); |
2100 ReadTransaction trans(FROM_HERE, user_share()); | 2169 ReadTransaction trans(FROM_HERE, user_share()); |
2101 EXPECT_CALL(*observer(), | 2170 EXPECT_CALL(*observer(), |
2102 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2171 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2103 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); | 2172 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2104 } | 2173 } |
2105 PumpLoop(); | 2174 PumpLoop(); |
2106 Mock::VerifyAndClearExpectations(observer()); | 2175 Mock::VerifyAndClearExpectations(observer()); |
2107 | 2176 |
2108 // Now simulate downloading a nigori node that was migrated before the | 2177 // Now simulate downloading a nigori node that was migrated before the |
2109 // keys were rotated, and hence still encrypt with the old gaia key. | 2178 // keys were rotated, and hence still encrypt with the old gaia key. |
2110 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2179 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2111 EXPECT_CALL(*observer(), OnPassphraseAccepted()); | 2180 EXPECT_CALL(*observer(), OnPassphraseAccepted()); |
2112 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 2181 EXPECT_CALL(*observer(), |
| 2182 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
2113 EXPECT_CALL(*observer(), | 2183 EXPECT_CALL(*observer(), |
2114 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); | 2184 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); |
2115 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); | 2185 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1)); |
2116 { | 2186 { |
2117 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( | 2187 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( |
2118 KEYSTORE_PASSPHRASE, 1, kOldGaiaKey, old_keystore_key); | 2188 PassphraseType::KEYSTORE_PASSPHRASE, 1, kOldGaiaKey, old_keystore_key); |
2119 // Update the encryption handler. | 2189 // Update the encryption handler. |
2120 WriteTransaction trans(FROM_HERE, user_share()); | 2190 WriteTransaction trans(FROM_HERE, user_share()); |
2121 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 2191 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
2122 } | 2192 } |
2123 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); | 2193 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); |
2124 PumpLoop(); | 2194 PumpLoop(); |
2125 | 2195 |
2126 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); | 2196 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
2127 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); | 2197 EXPECT_EQ(PassphraseType::KEYSTORE_PASSPHRASE, |
2128 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); | 2198 encryption_handler()->GetPassphraseType()); |
| 2199 VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey); |
2129 } | 2200 } |
2130 | 2201 |
2131 // Verify that performing a migration while having more than one keystore key | 2202 // Verify that performing a migration while having more than one keystore key |
2132 // preserves a custom passphrase. | 2203 // preserves a custom passphrase. |
2133 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) { | 2204 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) { |
2134 const char kCustomPass[] = "custom_passphrase"; | 2205 const char kCustomPass[] = "custom_passphrase"; |
2135 const char kRawOldKeystoreKey[] = "old_keystore_key"; | 2206 const char kRawOldKeystoreKey[] = "old_keystore_key"; |
2136 | 2207 |
2137 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 2208 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
2138 InitUnmigratedNigori(kCustomPass, CUSTOM_PASSPHRASE); | 2209 InitUnmigratedNigori(kCustomPass, PassphraseType::CUSTOM_PASSPHRASE); |
2139 | 2210 |
2140 { | 2211 { |
2141 // Pass multiple keystore keys, signaling a rotation has happened. | 2212 // Pass multiple keystore keys, signaling a rotation has happened. |
2142 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2213 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2143 keys.Add()->assign(kRawOldKeystoreKey); | 2214 keys.Add()->assign(kRawOldKeystoreKey); |
2144 keys.Add()->assign(kRawKeystoreKey); | 2215 keys.Add()->assign(kRawKeystoreKey); |
2145 ReadTransaction trans(FROM_HERE, user_share()); | 2216 ReadTransaction trans(FROM_HERE, user_share()); |
2146 EXPECT_CALL(*observer(), | 2217 EXPECT_CALL(*observer(), |
2147 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2218 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2148 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); | 2219 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
(...skipping 10 matching lines...) Expand all Loading... |
2159 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 2230 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
2160 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 2231 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
2161 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AnyNumber()); | 2232 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AnyNumber()); |
2162 std::string captured_bootstrap_token; | 2233 std::string captured_bootstrap_token; |
2163 EXPECT_CALL(*observer(), | 2234 EXPECT_CALL(*observer(), |
2164 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) | 2235 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) |
2165 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); | 2236 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); |
2166 encryption_handler()->SetDecryptionPassphrase(kCustomPass); | 2237 encryption_handler()->SetDecryptionPassphrase(kCustomPass); |
2167 Mock::VerifyAndClearExpectations(observer()); | 2238 Mock::VerifyAndClearExpectations(observer()); |
2168 | 2239 |
2169 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCustomPass); | 2240 VerifyMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, kCustomPass); |
2170 | 2241 |
2171 const base::Time migration_time = encryption_handler()->migration_time(); | 2242 const base::Time migration_time = encryption_handler()->migration_time(); |
2172 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), | 2243 VerifyRestoreAfterCustomPassphrase( |
2173 kCustomPass, captured_bootstrap_token, | 2244 TimeToProtoTime(migration_time), kCustomPass, captured_bootstrap_token, |
2174 captured_nigori_state, CUSTOM_PASSPHRASE); | 2245 captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE); |
2175 } | 2246 } |
2176 | 2247 |
2177 // Verify that a key rotation done after we've migrated a custom passphrase | 2248 // Verify that a key rotation done after we've migrated a custom passphrase |
2178 // nigori node preserves the custom passphrase. | 2249 // nigori node preserves the custom passphrase. |
2179 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysMigratedCustomPassphrase) { | 2250 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysMigratedCustomPassphrase) { |
2180 const char kCustomPass[] = "custom_passphrase"; | 2251 const char kCustomPass[] = "custom_passphrase"; |
2181 const char kRawOldKeystoreKey[] = "old_keystore_key"; | 2252 const char kRawOldKeystoreKey[] = "old_keystore_key"; |
2182 | 2253 |
2183 KeyParams custom_key = {"localhost", "dummy", kCustomPass}; | 2254 KeyParams custom_key = {"localhost", "dummy", kCustomPass}; |
2184 GetCryptographer()->AddKey(custom_key); | 2255 GetCryptographer()->AddKey(custom_key); |
2185 | 2256 |
2186 const int64_t migration_time = 1; | 2257 const int64_t migration_time = 1; |
2187 InitCustomPassMigratedNigori(migration_time, kCustomPass); | 2258 InitCustomPassMigratedNigori(migration_time, kCustomPass); |
2188 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, | 2259 VerifyMigratedNigoriWithTimestamp( |
2189 kCustomPass); | 2260 migration_time, PassphraseType::CUSTOM_PASSPHRASE, kCustomPass); |
2190 | 2261 |
2191 SyncEncryptionHandler::NigoriState captured_nigori_state; | 2262 SyncEncryptionHandler::NigoriState captured_nigori_state; |
2192 { | 2263 { |
2193 // Pass multiple keystore keys, signaling a rotation has happened. | 2264 // Pass multiple keystore keys, signaling a rotation has happened. |
2194 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; | 2265 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; |
2195 keys.Add()->assign(kRawOldKeystoreKey); | 2266 keys.Add()->assign(kRawOldKeystoreKey); |
2196 keys.Add()->assign(kRawKeystoreKey); | 2267 keys.Add()->assign(kRawKeystoreKey); |
2197 ReadTransaction trans(FROM_HERE, user_share()); | 2268 ReadTransaction trans(FROM_HERE, user_share()); |
2198 EXPECT_CALL(*observer(), | 2269 EXPECT_CALL(*observer(), |
2199 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2270 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2200 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2271 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2201 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) | 2272 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) |
2202 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); | 2273 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); |
2203 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); | 2274 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()); |
2204 } | 2275 } |
2205 PumpLoop(); | 2276 PumpLoop(); |
2206 Mock::VerifyAndClearExpectations(observer()); | 2277 Mock::VerifyAndClearExpectations(observer()); |
2207 | 2278 |
2208 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, | 2279 VerifyMigratedNigoriWithTimestamp( |
2209 kCustomPass); | 2280 migration_time, PassphraseType::CUSTOM_PASSPHRASE, kCustomPass); |
2210 | 2281 |
2211 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, | 2282 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, |
2212 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked | 2283 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked |
2213 // during a previous instance) so get it from the Cryptographer. | 2284 // during a previous instance) so get it from the Cryptographer. |
2214 std::string passphrase_bootstrap_token; | 2285 std::string passphrase_bootstrap_token; |
2215 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); | 2286 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); |
2216 VerifyRestoreAfterCustomPassphrase(migration_time, kCustomPass, | 2287 VerifyRestoreAfterCustomPassphrase( |
2217 passphrase_bootstrap_token, | 2288 migration_time, kCustomPass, passphrase_bootstrap_token, |
2218 captured_nigori_state, CUSTOM_PASSPHRASE); | 2289 captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE); |
2219 } | 2290 } |
2220 | 2291 |
2221 // Verify that the client can gracefully handle a nigori node that is missing | 2292 // Verify that the client can gracefully handle a nigori node that is missing |
2222 // the keystore migration time field. | 2293 // the keystore migration time field. |
2223 TEST_F(SyncEncryptionHandlerImplTest, MissingKeystoreMigrationTime) { | 2294 TEST_F(SyncEncryptionHandlerImplTest, MissingKeystoreMigrationTime) { |
2224 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2295 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2225 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 2296 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
2226 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); | 2297 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false)); |
2227 encryption_handler()->Init(); | 2298 encryption_handler()->Init(); |
2228 Mock::VerifyAndClearExpectations(observer()); | 2299 Mock::VerifyAndClearExpectations(observer()); |
2229 | 2300 |
2230 // Now simulate downloading a nigori node that that is missing the keystore | 2301 // Now simulate downloading a nigori node that that is missing the keystore |
2231 // migration time. It should be interpreted properly, and the passphrase type | 2302 // migration time. It should be interpreted properly, and the passphrase type |
2232 // should switch to keystore passphrase. | 2303 // should switch to keystore passphrase. |
2233 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2304 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2234 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); | 2305 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); |
2235 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); | 2306 EXPECT_CALL(*observer(), |
| 2307 OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _)); |
2236 { | 2308 { |
2237 sync_pb::NigoriSpecifics nigori = | 2309 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( |
2238 BuildMigratedNigori(KEYSTORE_PASSPHRASE, 1, kKeystoreKey, kKeystoreKey); | 2310 PassphraseType::KEYSTORE_PASSPHRASE, 1, kKeystoreKey, kKeystoreKey); |
2239 nigori.clear_keystore_migration_time(); | 2311 nigori.clear_keystore_migration_time(); |
2240 // Update the encryption handler. | 2312 // Update the encryption handler. |
2241 WriteTransaction trans(FROM_HERE, user_share()); | 2313 WriteTransaction trans(FROM_HERE, user_share()); |
2242 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); | 2314 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
2243 } | 2315 } |
2244 Mock::VerifyAndClearExpectations(observer()); | 2316 Mock::VerifyAndClearExpectations(observer()); |
2245 | 2317 |
2246 // Now provide the keystore key to fully initialize the cryptographer. | 2318 // Now provide the keystore key to fully initialize the cryptographer. |
2247 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); | 2319 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); |
2248 EXPECT_CALL(*observer(), | 2320 EXPECT_CALL(*observer(), |
2249 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); | 2321 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
2250 { | 2322 { |
2251 ReadTransaction trans(FROM_HERE, user_share()); | 2323 ReadTransaction trans(FROM_HERE, user_share()); |
2252 encryption_handler()->SetKeystoreKeys( | 2324 encryption_handler()->SetKeystoreKeys( |
2253 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); | 2325 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans()); |
2254 } | 2326 } |
2255 } | 2327 } |
2256 | 2328 |
2257 } // namespace syncer | 2329 } // namespace syncer |
OLD | NEW |