Make PassphraseType a "enum class" instead of "enum".

components/sync/core_impl/sync_encryption_handler_impl_unittest.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/sync/core_impl/sync_encryption_handler_impl.h"
 
 #include <stdint.h>
 
 #include <memory>
 #include <string>
@@ skipping 136 matching lines @@
                                          const std::string& passphrase) {
     ReadTransaction trans(FROM_HERE, user_share());
     ReadNode nigori_node(&trans);
     ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
     const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics();
     if (migration_time > 0)
       EXPECT_EQ(migration_time, nigori.keystore_migration_time());
     else
       EXPECT_TRUE(nigori.has_keystore_migration_time());
     EXPECT_TRUE(nigori.keybag_is_frozen());
-    if (passphrase_type == CUSTOM_PASSPHRASE ||
-        passphrase_type == FROZEN_IMPLICIT_PASSPHRASE) {
+    if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE ||
+        passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) {
       EXPECT_TRUE(nigori.encrypt_everything());
       EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty());
-      if (passphrase_type == CUSTOM_PASSPHRASE) {
+      if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE) {
         EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE,
                   nigori.passphrase_type());
         if (!encryption_handler()->custom_passphrase_time().is_null()) {
           EXPECT_EQ(
               nigori.custom_passphrase_time(),
               TimeToProtoTime(encryption_handler()->custom_passphrase_time()));
         }
       } else {
         EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE,
                   nigori.passphrase_type());
@@ skipping 15 matching lines @@
     temp_cryptographer.AddKey(params);
     EXPECT_TRUE(temp_cryptographer.CanDecryptUsingDefaultKey(
         nigori.encryption_keybag()));
   }
 
   sync_pb::NigoriSpecifics BuildMigratedNigori(
       PassphraseType passphrase_type,
       int64_t migration_time,
       const std::string& default_passphrase,
       const std::string& keystore_key) {
-    DCHECK_NE(passphrase_type, IMPLICIT_PASSPHRASE);
+    DCHECK_NE(passphrase_type, PassphraseType::IMPLICIT_PASSPHRASE);
     Cryptographer other_cryptographer(GetCryptographer()->encryptor());
 
     std::string default_key = default_passphrase;
     if (default_key.empty()) {
       default_key = keystore_key;
     } else {
       KeyParams keystore_params = {"localhost", "dummy", keystore_key};
       other_cryptographer.AddKey(keystore_params);
     }
     KeyParams params = {"localhost", "dummy", default_key};
     other_cryptographer.AddKey(params);
     EXPECT_TRUE(other_cryptographer.is_ready());
 
     sync_pb::NigoriSpecifics nigori;
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_keystore_migration_time(migration_time);
 
-    if (passphrase_type == KEYSTORE_PASSPHRASE) {
+    if (passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE) {
       sync_pb::EncryptedData keystore_decryptor_token;
       EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
           other_cryptographer, keystore_key, &keystore_decryptor_token));
       nigori.mutable_keystore_decryptor_token()->CopyFrom(
           keystore_decryptor_token);
       nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
     } else {
       nigori.set_encrypt_everything(true);
       nigori.set_passphrase_type(
-          passphrase_type == CUSTOM_PASSPHRASE
+          passphrase_type == PassphraseType::CUSTOM_PASSPHRASE
               ? sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE
               : sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
     }
     return nigori;
   }
 
   // Build a migrated nigori node with the specified default passphrase
   // and keystore key and initialize the encryption handler with it.
   void InitKeystoreMigratedNigori(int64_t migration_time,
                                   const std::string& default_passphrase,
                                   const std::string& keystore_key) {
     {
       WriteTransaction trans(FROM_HERE, user_share());
       WriteNode nigori_node(&trans);
       ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
       sync_pb::NigoriSpecifics nigori =
-          BuildMigratedNigori(KEYSTORE_PASSPHRASE, migration_time,
-                              default_passphrase, keystore_key);
+          BuildMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE,
+                              migration_time, default_passphrase, keystore_key);
       nigori_node.SetNigoriSpecifics(nigori);
     }
 
-    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(
+                                 PassphraseType::KEYSTORE_PASSPHRASE, _));
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1));
     EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
     EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1));
     encryption_handler()->Init();
     EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-    EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+    EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+              PassphraseType::KEYSTORE_PASSPHRASE);
     EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
     Mock::VerifyAndClearExpectations(observer());
   }
 
   // Build a migrated nigori node with the specified default passphrase
   // as a custom passphrase.
   void InitCustomPassMigratedNigori(int64_t migration_time,
                                     const std::string& default_passphrase) {
     {
       WriteTransaction trans(FROM_HERE, user_share());
       WriteNode nigori_node(&trans);
       ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
-      sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
-          CUSTOM_PASSPHRASE, migration_time, default_passphrase, kKeystoreKey);
+      sync_pb::NigoriSpecifics nigori =
+          BuildMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, migration_time,
+                              default_passphrase, kKeystoreKey);
       nigori_node.SetNigoriSpecifics(nigori);
     }
 
-    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+    EXPECT_CALL(*observer(),
+                OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1));
     EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true))
         .Times(AtLeast(1));
     EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1));
     encryption_handler()->Init();
     EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-    EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
+    EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+              PassphraseType::CUSTOM_PASSPHRASE);
     EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
     Mock::VerifyAndClearExpectations(observer());
   }
 
   // Build an unmigrated nigori node with the specified passphrase and type and
   // initialize the encryption handler with it.
   void InitUnmigratedNigori(const std::string& default_passphrase,
                             PassphraseType passphrase_type) {
-    DCHECK_NE(passphrase_type, FROZEN_IMPLICIT_PASSPHRASE);
+    DCHECK_NE(passphrase_type, PassphraseType::FROZEN_IMPLICIT_PASSPHRASE);
     Cryptographer other_cryptographer(GetCryptographer()->encryptor());
     KeyParams default_key = {"localhost", "dummy", default_passphrase};
     other_cryptographer.AddKey(default_key);
     EXPECT_TRUE(other_cryptographer.is_ready());
 
     {
       WriteTransaction trans(FROM_HERE, user_share());
       WriteNode nigori_node(&trans);
       ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
       sync_pb::NigoriSpecifics nigori;
       other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
-      nigori.set_keybag_is_frozen(passphrase_type == CUSTOM_PASSPHRASE);
+      nigori.set_keybag_is_frozen(passphrase_type ==
+                                  PassphraseType::CUSTOM_PASSPHRASE);
       nigori_node.SetNigoriSpecifics(nigori);
     }
 
-    if (passphrase_type != IMPLICIT_PASSPHRASE) {
+    if (passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE) {
       EXPECT_CALL(*observer(), OnPassphraseTypeChanged(passphrase_type, _));
     }
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1));
     EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
     encryption_handler()->Init();
     EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
     EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type);
     EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
     Mock::VerifyAndClearExpectations(observer());
   }
@@ skipping 297 matching lines @@
   keys.Add()->assign(kRawOldKeystoreKey);
   keys.Add()->assign(kRawKeystoreKey);
 
   // Pass them to the encryption handler, triggering a migration and bootstrap
   // token update.
   std::string encoded_key;
   std::string keystore_bootstrap;
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_));
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   EXPECT_CALL(*observer(), OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN))
       .WillOnce(SaveArg<0>(&keystore_bootstrap));
   {
     WriteTransaction trans(FROM_HERE, user_share());
     EXPECT_TRUE(
         encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()));
     EXPECT_FALSE(
         encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans()));
     EXPECT_FALSE(GetCryptographer()->is_initialized());
   }
   PumpLoop();
   EXPECT_TRUE(GetCryptographer()->is_initialized());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey);
 
   // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob
   // of list values containing the keystore keys).
   std::string decoded_bootstrap;
   ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap));
   std::string decrypted_bootstrap;
   ASSERT_TRUE(GetCryptographer()->encryptor()->DecryptString(
       decoded_bootstrap, &decrypted_bootstrap));
   JSONStringValueDeserializer json(decrypted_bootstrap);
   std::unique_ptr<base::Value> deserialized_keystore_keys(
@@ skipping 71 matching lines @@
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   // Run any tasks posted via AppplyNigoriUpdate.
   PumpLoop();
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
   encryption_handler()->SetDecryptionPassphrase(kOtherKey);
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-  EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kOtherKey);
+  EXPECT_EQ(PassphraseType::KEYSTORE_PASSPHRASE,
+            encryption_handler()->GetPassphraseType());
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kOtherKey);
 }
 
 // Test that we don't attempt to migrate while a custom passphrase is pending,
 // and that once we do decrypt pending keys we migrate the nigori. Once
 // migrated, we should be in custom passphrase state with encrypt everything.
 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) {
   const char kOtherKey[] = "other";
   {
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
@@ skipping 11 matching lines @@
     Cryptographer other_cryptographer(GetCryptographer()->encryptor());
     KeyParams other_key = {"localhost", "dummy", kOtherKey};
     other_cryptographer.AddKey(other_key);
 
     sync_pb::NigoriSpecifics nigori;
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_encrypt_everything(false);
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
-    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+    EXPECT_CALL(*observer(),
+                OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   // Run any tasks posted via AppplyNigoriUpdate.
   PumpLoop();
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   std::string captured_bootstrap_token;
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
       .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
   SyncEncryptionHandler::NigoriState captured_nigori_state;
   EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
       .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
   EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2);
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
   encryption_handler()->SetDecryptionPassphrase(kOtherKey);
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   const base::Time migration_time = encryption_handler()->migration_time();
-  EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
-  VerifyMigratedNigori(CUSTOM_PASSPHRASE, kOtherKey);
+  EXPECT_EQ(PassphraseType::CUSTOM_PASSPHRASE,
+            encryption_handler()->GetPassphraseType());
+  VerifyMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, kOtherKey);
 
-  VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kOtherKey,
-                                     captured_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      TimeToProtoTime(migration_time), kOtherKey, captured_bootstrap_token,
+      captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Test that we trigger a migration when we set the keystore key, had an
 // implicit passphrase, and did not have encrypt everything. We should switch
-// to KEYSTORE_PASSPHRASE.
+// to PassphraseType::KEYSTORE_PASSPHRASE.
 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) {
   const char kCurKey[] = "cur";
   KeyParams current_key = {"localhost", "dummy", kCurKey};
   GetCryptographer()->AddKey(current_key);
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->Init();
   Mock::VerifyAndClearExpectations(observer());
 
   {
     ReadTransaction trans(FROM_HERE, user_share());
     // Once we provide a keystore key, we should perform the migration.
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   // The actual migration gets posted, so run all pending tasks.
   PumpLoop();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-  EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
+  EXPECT_EQ(PassphraseType::KEYSTORE_PASSPHRASE,
+            encryption_handler()->GetPassphraseType());
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kCurKey);
 }
 
 // Test that we trigger a migration when we set the keystore key, had an
 // implicit passphrase, and encrypt everything enabled. We should switch to
-// FROZEN_IMPLICIT_PASSPHRASE.
+// PassphraseType::FROZEN_IMPLICIT_PASSPHRASE.
 TEST_F(SyncEncryptionHandlerImplTest,
        MigrateOnKeystoreKeyAvailableFrozenImplicit) {
   const char kCurKey[] = "cur";
   KeyParams current_key = {"localhost", "dummy", kCurKey};
   GetCryptographer()->AddKey(current_key);
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->Init();
   Mock::VerifyAndClearExpectations(observer());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
   SyncEncryptionHandler::NigoriState captured_nigori_state;
   EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
       .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->EnableEncryptEverything();
 
   {
     ReadTransaction trans(FROM_HERE, user_share());
     // Once we provide a keystore key, we should perform the migration.
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
-  EXPECT_CALL(*observer(),
-              OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
+  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(
+                               PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, _));
 
   // The actual migration gets posted, so run all pending tasks.
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   const base::Time migration_time = encryption_handler()->migration_time();
-  EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
+  EXPECT_EQ(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE,
             encryption_handler()->GetPassphraseType());
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigori(FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
+  VerifyMigratedNigori(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
 
   // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_,
   // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked
   // during a previous instance) so get it from the Cryptographer.
   std::string passphrase_bootstrap_token;
   GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token);
   VerifyRestoreAfterCustomPassphrase(
       TimeToProtoTime(migration_time), kCurKey, passphrase_bootstrap_token,
-      captured_nigori_state, FROZEN_IMPLICIT_PASSPHRASE);
+      captured_nigori_state, PassphraseType::FROZEN_IMPLICIT_PASSPHRASE);
 }
 
 // Test that we trigger a migration when we set the keystore key, had a
 // custom passphrase, and encrypt everything enabled. The passphrase state
 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same.
 TEST_F(SyncEncryptionHandlerImplTest,
        MigrateOnKeystoreKeyAvailableCustomWithEncryption) {
   const char kCurKey[] = "cur";
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
   std::string captured_bootstrap_token;
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
       .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
   encryption_handler()->Init();
   encryption_handler()->SetEncryptionPassphrase(kCurKey, true);
   EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
@@ skipping 13 matching lines @@
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
 
   // The actual migration gets posted, so run all pending tasks.
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   const base::Time migration_time = encryption_handler()->migration_time();
-  EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
+  EXPECT_EQ(PassphraseType::CUSTOM_PASSPHRASE,
+            encryption_handler()->GetPassphraseType());
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey);
+  VerifyMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, kCurKey);
 
-  VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey,
-                                     captured_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      TimeToProtoTime(migration_time), kCurKey, captured_bootstrap_token,
+      captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Test that we trigger a migration when we set the keystore key, had a
 // custom passphrase, and did not have encrypt everything. The passphrase state
-// should remain as CUSTOM_PASSPHRASE, and encrypt everything should be enabled.
+// should remain as PassphraseType::CUSTOM_PASSPHRASE, and encrypt everything
+// should be enabled.
 TEST_F(SyncEncryptionHandlerImplTest,
        MigrateOnKeystoreKeyAvailableCustomNoEncryption) {
   const char kCurKey[] = "cur";
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
   std::string captured_bootstrap_token;
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
       .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
   encryption_handler()->Init();
   encryption_handler()->SetEncryptionPassphrase(kCurKey, true);
   EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
   Mock::VerifyAndClearExpectations(observer());
 
   {
     ReadTransaction trans(FROM_HERE, user_share());
     // Once we provide a keystore key, we should perform the migration.
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
   SyncEncryptionHandler::NigoriState captured_nigori_state;
   EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
       .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   // The actual migration gets posted, so run all pending tasks.
   PumpLoop();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   const base::Time migration_time = encryption_handler()->migration_time();
-  EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
+  EXPECT_EQ(PassphraseType::CUSTOM_PASSPHRASE,
+            encryption_handler()->GetPassphraseType());
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey);
+  VerifyMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, kCurKey);
 
-  VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey,
-                                     captured_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      TimeToProtoTime(migration_time), kCurKey, captured_bootstrap_token,
+      captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Test that we can handle receiving a migrated nigori node in the
 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the
 // keybag.
 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) {
   const char kCurKey[] = "cur";
   sync_pb::EncryptedData keystore_decryptor_token;
   Cryptographer other_cryptographer(GetCryptographer()->encryptor());
   KeyParams cur_key = {"localhost", "dummy", kCurKey};
   other_cryptographer.AddKey(cur_key);
   EXPECT_TRUE(other_cryptographer.is_ready());
   EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
       other_cryptographer, kKeystoreKey, &keystore_decryptor_token));
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
   EXPECT_FALSE(GetCryptographer()->is_ready());
-  EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_NE(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
 
   // Now build a nigori node with the generated keystore decryptor token and
   // initialize the encryption handler with it. The cryptographer should be
   // initialized properly to decrypt both kCurKey and kKeystoreKey.
   {
     WriteTransaction trans(FROM_HERE, user_share());
     WriteNode nigori_node(&trans);
     ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
     sync_pb::NigoriSpecifics nigori;
     nigori.mutable_keystore_decryptor_token()->CopyFrom(
         keystore_decryptor_token);
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_keystore_migration_time(1);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
 
     EXPECT_CALL(*observer(), OnPassphraseAccepted());
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
-    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(
+                                 PassphraseType::KEYSTORE_PASSPHRASE, _));
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   // Run any tasks posted via AppplyNigoriUpdate.
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(1, PassphraseType::KEYSTORE_PASSPHRASE,
+                                    kCurKey);
 
   // Check that the cryptographer still encrypts with the current key.
   sync_pb::EncryptedData current_encrypted;
   other_cryptographer.EncryptString("string", &current_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
 
   // Check that the cryptographer can decrypt keystore key based encryption.
   Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
   KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
   keystore_cryptographer.AddKey(keystore_key);
   sync_pb::EncryptedData keystore_encrypted;
   keystore_cryptographer.EncryptString("string", &keystore_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
 }
 
 // Test that we handle receiving migrated nigori's with
-// FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending key state until
+// PassphraseType::FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending
+// key state until
 // we supply the pending frozen implicit passphrase key.
 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) {
   const char kCurKey[] = "cur";
   sync_pb::EncryptedData encrypted;
   Cryptographer other_cryptographer(GetCryptographer()->encryptor());
   KeyParams cur_key = {"localhost", "dummy", kCurKey};
   other_cryptographer.AddKey(cur_key);
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
 
   {
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     ReadTransaction trans(FROM_HERE, user_share());
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
 
   {
-    EXPECT_CALL(*observer(),
-                OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
+    EXPECT_CALL(
+        *observer(),
+        OnPassphraseTypeChanged(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, _));
     EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
     WriteTransaction trans(FROM_HERE, user_share());
     WriteNode nigori_node(&trans);
     ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
     sync_pb::NigoriSpecifics nigori;
     nigori.set_keybag_is_frozen(true);
     nigori.set_passphrase_type(
         sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
     nigori.set_keystore_migration_time(1);
     nigori.set_encrypt_everything(true);
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   // Run any tasks posted via AppplyNigoriUpdate.
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-  EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
+  EXPECT_EQ(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE,
             encryption_handler()->GetPassphraseType());
   EXPECT_TRUE(GetCryptographer()->has_pending_keys());
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
 
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   encryption_handler()->SetDecryptionPassphrase(kCurKey);
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(
+      1, PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
 
   // Check that the cryptographer still encrypts with the current key.
   sync_pb::EncryptedData current_encrypted;
   other_cryptographer.EncryptString("string", &current_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
 
   // Check that the cryptographer can decrypt keystore key based encryption.
   Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
   KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
   keystore_cryptographer.AddKey(keystore_key);
   sync_pb::EncryptedData keystore_encrypted;
   keystore_cryptographer.EncryptString("string", &keystore_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
 }
 
 // Test that we handle receiving migrated nigori's with
-// CUSTOM_PASSPHRASE state. We should be in a pending key state until we
+// PassphraseType::CUSTOM_PASSPHRASE state. We should be in a pending key state
+// until we
 // provide the custom passphrase key.
 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) {
   const char kCurKey[] = "cur";
   sync_pb::EncryptedData encrypted;
   Cryptographer other_cryptographer(GetCryptographer()->encryptor());
   KeyParams cur_key = {"localhost", "dummy", kCurKey};
   other_cryptographer.AddKey(cur_key);
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
 
   {
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     ReadTransaction trans(FROM_HERE, user_share());
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
 
   {
-    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+    EXPECT_CALL(*observer(),
+                OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
     EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
     WriteTransaction trans(FROM_HERE, user_share());
     WriteNode nigori_node(&trans);
     ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
     sync_pb::NigoriSpecifics nigori;
     nigori.set_keybag_is_frozen(true);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
     nigori.set_keystore_migration_time(1);
     nigori.set_encrypt_everything(true);
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   // Run any tasks posted via AppplyNigoriUpdate.
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-  EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
+  EXPECT_EQ(PassphraseType::CUSTOM_PASSPHRASE,
+            encryption_handler()->GetPassphraseType());
   EXPECT_TRUE(GetCryptographer()->has_pending_keys());
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
 
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   encryption_handler()->SetDecryptionPassphrase(kCurKey);
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(1, PassphraseType::CUSTOM_PASSPHRASE,
+                                    kCurKey);
 
   // Check that the cryptographer still encrypts with the current key.
   sync_pb::EncryptedData current_encrypted;
   other_cryptographer.EncryptString("string", &current_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
 
   // Check that the cryptographer can decrypt keystore key based encryption.
   Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
   KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
   keystore_cryptographer.AddKey(keystore_key);
@@ skipping 22 matching lines @@
     ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
     sync_pb::NigoriSpecifics nigori;
     GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_keystore_migration_time(1);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
     nigori.set_encrypt_everything(true);
     nigori_node.SetNigoriSpecifics(nigori);
   }
 
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2);
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->Init();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::CUSTOM_PASSPHRASE);
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(migration_time,
+                                    PassphraseType::CUSTOM_PASSPHRASE, kCurKey);
 
   {
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     ReadTransaction trans(FROM_HERE, user_share());
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
   Mock::VerifyAndClearExpectations(observer());
 
@@ skipping 15 matching lines @@
     nigori.set_keybag_is_frozen(false);
     nigori.set_encrypt_everything(false);
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   PumpLoop();
 
   // Verify we're still migrated and have proper encryption state.
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::CUSTOM_PASSPHRASE);
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(1, PassphraseType::CUSTOM_PASSPHRASE,
+                                    kCurKey);
 
   // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_,
   // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked
   // during a previous instance) so get it from the Cryptographer.
   std::string passphrase_bootstrap_token;
   GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token);
-  VerifyRestoreAfterCustomPassphrase(migration_time, kCurKey,
-                                     passphrase_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      migration_time, kCurKey, passphrase_bootstrap_token,
+      captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Test that if we have a migrated nigori with a custom passphrase, then receive
 // a migrated nigori with a keystore passphrase, we properly overwrite it with
 // the current state.
 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldMigratedNigori) {
   const char kOldKey[] = "old";
   const char kCurKey[] = "cur";
   sync_pb::EncryptedData encrypted;
   KeyParams old_key = {"localhost", "dummy", kOldKey};
   KeyParams cur_key = {"localhost", "dummy", kCurKey};
   GetCryptographer()->AddKey(old_key);
   GetCryptographer()->AddKey(cur_key);
 
   // Build a migrated nigori with full encryption.
   {
     WriteTransaction trans(FROM_HERE, user_share());
     WriteNode nigori_node(&trans);
     ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
     sync_pb::NigoriSpecifics nigori;
     GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_keystore_migration_time(1);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
     nigori.set_encrypt_everything(true);
     nigori_node.SetNigoriSpecifics(nigori);
   }
 
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2);
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->Init();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::CUSTOM_PASSPHRASE);
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(1, PassphraseType::CUSTOM_PASSPHRASE,
+                                    kCurKey);
 
   {
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     ReadTransaction trans(FROM_HERE, user_share());
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
   Mock::VerifyAndClearExpectations(observer());
 
@@ skipping 21 matching lines @@
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
     nigori.set_keystore_migration_time(migration_time);
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   PumpLoop();
 
   // Verify we're still migrated and have proper encryption state.
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::CUSTOM_PASSPHRASE);
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(migration_time,
+                                    PassphraseType::CUSTOM_PASSPHRASE, kCurKey);
 
   // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_,
   // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked
   // during a previous instance) so get it from the Cryptographer.
   std::string passphrase_bootstrap_token;
   GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token);
-  VerifyRestoreAfterCustomPassphrase(migration_time, kCurKey,
-                                     passphrase_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      migration_time, kCurKey, passphrase_bootstrap_token,
+      captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Test that if we receive the keystore key after receiving a migrated nigori
 // node, we properly use the keystore decryptor token to decrypt the keybag.
 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) {
   const char kCurKey[] = "cur";
   sync_pb::EncryptedData keystore_decryptor_token;
   Cryptographer other_cryptographer(GetCryptographer()->encryptor());
   KeyParams cur_key = {"localhost", "dummy", kCurKey};
   other_cryptographer.AddKey(cur_key);
   EXPECT_TRUE(other_cryptographer.is_ready());
   EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
       other_cryptographer, kKeystoreKey, &keystore_decryptor_token));
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
   EXPECT_FALSE(GetCryptographer()->is_ready());
-  EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_NE(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
 
   // Now build a nigori node with the generated keystore decryptor token and
   // initialize the encryption handler with it. The cryptographer should be
   // initialized properly to decrypt both kCurKey and kKeystoreKey.
   {
     WriteTransaction trans(FROM_HERE, user_share());
     WriteNode nigori_node(&trans);
     ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
     sync_pb::NigoriSpecifics nigori;
     nigori.mutable_keystore_decryptor_token()->CopyFrom(
         keystore_decryptor_token);
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_keystore_migration_time(1);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
 
-    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+    EXPECT_CALL(*observer(), OnPassphraseTypeChanged(
+                                 PassphraseType::KEYSTORE_PASSPHRASE, _));
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   // Run any tasks posted via AppplyNigoriUpdate.
   PumpLoop();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->has_pending_keys());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   {
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     ReadTransaction trans(FROM_HERE, user_share());
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
   PumpLoop();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(1, PassphraseType::KEYSTORE_PASSPHRASE,
+                                    kCurKey);
 
   // Check that the cryptographer still encrypts with the current key.
   sync_pb::EncryptedData current_encrypted;
   other_cryptographer.EncryptString("string", &current_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
 
   // Check that the cryptographer can decrypt keystore key based encryption.
   Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
   KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
   keystore_cryptographer.AddKey(keystore_key);
@@ skipping 31 matching lines @@
     nigori.set_keystore_migration_time(migration_time);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
     nigori_node.SetNigoriSpecifics(nigori);
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
 
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->Init();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
   Mock::VerifyAndClearExpectations(observer());
 
   const char kNewKey[] = "new_key";
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
   SyncEncryptionHandler::NigoriState captured_nigori_state;
   EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
       .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
   std::string captured_bootstrap_token;
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
       .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
   EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2);
   encryption_handler()->SetEncryptionPassphrase(kNewKey, true);
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_FALSE(captured_bootstrap_token.empty());
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::CUSTOM_PASSPHRASE);
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
   EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
-  VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey);
+  VerifyMigratedNigoriWithTimestamp(migration_time,
+                                    PassphraseType::CUSTOM_PASSPHRASE, kNewKey);
 
   // Check that the cryptographer can decrypt the old key.
   sync_pb::EncryptedData old_encrypted;
   other_cryptographer.EncryptString("string", &old_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted));
 
   // Check that the cryptographer can decrypt keystore key based encryption.
   Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
   KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
   keystore_cryptographer.AddKey(keystore_key);
   sync_pb::EncryptedData keystore_encrypted;
   keystore_cryptographer.EncryptString("string", &keystore_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
 
   // Check the the cryptographer is encrypting with the new key.
   KeyParams new_key = {"localhost", "dummy", kNewKey};
   Cryptographer new_cryptographer(GetCryptographer()->encryptor());
   new_cryptographer.AddKey(new_key);
   sync_pb::EncryptedData new_encrypted;
   new_cryptographer.EncryptString("string", &new_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted));
 
   // Now verify that we can restore the current state using the captured
   // bootstrap token and nigori state.
-  VerifyRestoreAfterCustomPassphrase(migration_time, kNewKey,
-                                     captured_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      migration_time, kNewKey, captured_bootstrap_token, captured_nigori_state,
+      PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Test that if a client without a keystore key (e.g. one without keystore
 // encryption enabled) receives a migrated nigori and then attempts to set a
 // custom passphrase, it also enables encrypt everything. The nigori node
 // should remain migrated.
 TEST_F(SyncEncryptionHandlerImplTest,
        SetCustomPassAfterMigrationNoKeystoreKey) {
   const char kOldKey[] = "old";
   sync_pb::EncryptedData keystore_decryptor_token;
@@ skipping 18 matching lines @@
     nigori.mutable_keystore_decryptor_token()->CopyFrom(
         keystore_decryptor_token);
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_keystore_migration_time(migration_time);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
     nigori_node.SetNigoriSpecifics(nigori);
   }
 
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   encryption_handler()->Init();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->has_pending_keys());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->SetDecryptionPassphrase(kOldKey);
   EXPECT_TRUE(GetCryptographer()->is_ready());
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
   Mock::VerifyAndClearExpectations(observer());
 
   const char kNewKey[] = "new_key";
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::CUSTOM_PASSPHRASE, _));
   SyncEncryptionHandler::NigoriState captured_nigori_state;
   EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
       .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
   std::string captured_bootstrap_token;
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
       .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
   EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2);
   encryption_handler()->SetEncryptionPassphrase(kNewKey, true);
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::CUSTOM_PASSPHRASE);
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
   EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
-  VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey);
+  VerifyMigratedNigoriWithTimestamp(migration_time,
+                                    PassphraseType::CUSTOM_PASSPHRASE, kNewKey);
 
   // Check that the cryptographer can decrypt the old key.
   sync_pb::EncryptedData old_encrypted;
   other_cryptographer.EncryptString("string", &old_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted));
 
   // Check that the cryptographer can still decrypt keystore key based
   // encryption (should have been extracted from the encryption keybag).
   Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
   keystore_cryptographer.AddKey(keystore_key);
   sync_pb::EncryptedData keystore_encrypted;
   keystore_cryptographer.EncryptString("string", &keystore_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
 
   // Check the the cryptographer is encrypting with the new key.
   KeyParams new_key = {"localhost", "dummy", kNewKey};
   Cryptographer new_cryptographer(GetCryptographer()->encryptor());
   new_cryptographer.AddKey(new_key);
   sync_pb::EncryptedData new_encrypted;
   new_cryptographer.EncryptString("string", &new_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted));
 
   // Now verify that we can restore the current state using the captured
   // bootstrap token and nigori state.
-  VerifyRestoreAfterCustomPassphrase(migration_time, kNewKey,
-                                     captured_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      migration_time, kNewKey, captured_bootstrap_token, captured_nigori_state,
+      PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Test that if a client without a keystore key (e.g. one without keystore
 // encryption enabled) receives a migrated nigori and then attempts to set a
 // new implicit passphrase, we do not modify the nigori node (the implicit
 // passphrase is dropped).
 TEST_F(SyncEncryptionHandlerImplTest,
        SetImplicitPassAfterMigrationNoKeystoreKey) {
   const char kOldKey[] = "old";
   sync_pb::EncryptedData keystore_decryptor_token;
@@ skipping 17 matching lines @@
     nigori.mutable_keystore_decryptor_token()->CopyFrom(
         keystore_decryptor_token);
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_keystore_migration_time(1);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
     nigori_node.SetNigoriSpecifics(nigori);
   }
 
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   encryption_handler()->Init();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->has_pending_keys());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->SetDecryptionPassphrase(kOldKey);
   EXPECT_TRUE(GetCryptographer()->is_ready());
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
   Mock::VerifyAndClearExpectations(observer());
 
   // Should get dropped on the floor silently.
   const char kNewKey[] = "new_key";
   encryption_handler()->SetEncryptionPassphrase(kNewKey, false);
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kOldKey);
+  VerifyMigratedNigoriWithTimestamp(1, PassphraseType::KEYSTORE_PASSPHRASE,
+                                    kOldKey);
 
   // Check that the cryptographer can decrypt the old key.
   sync_pb::EncryptedData old_encrypted;
   other_cryptographer.EncryptString("string", &old_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(old_encrypted));
 
   // Check that the cryptographer can still decrypt keystore key based
   // encryption (due to extracting the keystore key from the encryption keybag).
   Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
   keystore_cryptographer.AddKey(keystore_key);
@@ skipping 38 matching lines @@
     sync_pb::NigoriSpecifics nigori;
     nigori.mutable_keystore_decryptor_token()->CopyFrom(
         keystore_decryptor_token);
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_keystore_migration_time(migration_time);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
     nigori_node.SetNigoriSpecifics(nigori);
   }
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   encryption_handler()->Init();
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->has_pending_keys());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   std::string captured_bootstrap_token;
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
       .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->SetDecryptionPassphrase(kCurKey);
   Mock::VerifyAndClearExpectations(observer());
 
-  EXPECT_CALL(*observer(),
-              OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
+  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(
+                               PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, _));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
   SyncEncryptionHandler::NigoriState captured_nigori_state;
   EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
       .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   encryption_handler()->EnableEncryptEverything();
   Mock::VerifyAndClearExpectations(observer());
 
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
+  EXPECT_EQ(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE,
             encryption_handler()->GetPassphraseType());
   EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
+  VerifyMigratedNigoriWithTimestamp(
+      1, PassphraseType::FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
 
   // Check that the cryptographer is encrypting using the frozen current key.
   sync_pb::EncryptedData current_encrypted;
   other_cryptographer.EncryptString("string", &current_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
 
   // Check that the cryptographer can still decrypt keystore key based
   // encryption (due to extracting the keystore key from the encryption keybag).
   Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
   keystore_cryptographer.AddKey(keystore_key);
   sync_pb::EncryptedData keystore_encrypted;
   keystore_cryptographer.EncryptString("string", &keystore_encrypted);
   EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
 
   VerifyRestoreAfterCustomPassphrase(
       migration_time, kCurKey, captured_bootstrap_token, captured_nigori_state,
-      FROZEN_IMPLICIT_PASSPHRASE);
+      PassphraseType::FROZEN_IMPLICIT_PASSPHRASE);
 }
 
-// If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but
+// If we receive a nigori migrated and with a  KEYSTORE_PASSPHRASE type, but
 // using an old default key (i.e. old GAIA password), we should overwrite the
 // nigori, updating the keybag and keystore decryptor.
 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriWithOldPassphrase) {
   const char kOldKey[] = "old";
   const char kCurKey[] = "cur";
   sync_pb::EncryptedData encrypted;
   KeyParams old_key = {"localhost", "dummy", kOldKey};
   KeyParams cur_key = {"localhost", "dummy", kCurKey};
   GetCryptographer()->AddKey(old_key);
   GetCryptographer()->AddKey(cur_key);
 
   Cryptographer other_cryptographer(GetCryptographer()->encryptor());
   other_cryptographer.AddKey(old_key);
   EXPECT_TRUE(other_cryptographer.is_ready());
 
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   encryption_handler()->Init();
   EXPECT_TRUE(GetCryptographer()->is_ready());
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
 
   {
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     ReadTransaction trans(FROM_HERE, user_share());
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kCurKey);
 
   // Now build an old keystore passphrase nigori node.
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnEncryptionComplete());
   {
     WriteTransaction trans(FROM_HERE, user_share());
     WriteNode nigori_node(&trans);
     ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
     sync_pb::NigoriSpecifics nigori;
     Cryptographer other_cryptographer(GetCryptographer()->encryptor());
     other_cryptographer.AddKey(old_key);
     encryption_handler()->GetKeystoreDecryptor(
         other_cryptographer, kKeystoreKey,
         nigori.mutable_keystore_decryptor_token());
     other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
     nigori.set_keybag_is_frozen(true);
     nigori.set_encrypt_everything(false);
     nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
     nigori.set_keystore_migration_time(1);
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
     nigori_node.SetNigoriSpecifics(nigori);
   }
   PumpLoop();
 
   // Verify we're still migrated and have proper encryption state.
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kCurKey);
 }
 
 // Trigger a key rotation upon receiving new keys if we already had a keystore
 // migrated nigori with the gaia key as the default (still in backwards
 // compatible mode).
 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefault) {
   // Destroy the existing nigori node so we init without a nigori node.
   TearDown();
   test_user_share_.SetUp();
   SetUpEncryption();
@@ skipping 31 matching lines @@
   }
   // Pump for any posted tasks.
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   // Verify we're still migrated and have proper encryption state. We should
   // have rotated the keybag so that it's now encrypted with the newest keystore
   // key (instead of the old gaia key).
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey);
 }
 
 // Trigger a key rotation upon receiving new keys if we already had a keystore
 // migrated nigori with the keystore key as the default.
 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysKeystoreDefault) {
   // Destroy the existing nigori node so we init without a nigori node.
   TearDown();
   test_user_share_.SetUp();
   SetUpEncryption();
 
@@ skipping 29 matching lines @@
   }
   // Pump for any posted tasks.
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   // Verify we're still migrated and have proper encryption state. We should
   // have rotated the keybag so that it's now encrypted with the newest keystore
   // key (instead of the old gaia key).
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey);
 }
 
 // Trigger a key rotation upon when a pending gaia passphrase is resolved.
 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysAfterPendingGaiaResolved) {
   const char kOldGaiaKey[] = "old_gaia_key";
   const char kRawOldKeystoreKey[] = "old_keystore_key";
 
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
-  InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE);
+  InitUnmigratedNigori(kOldGaiaKey, PassphraseType::IMPLICIT_PASSPHRASE);
 
   {
     // Pass multiple keystore keys, signaling a rotation has happened.
     google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
     keys.Add()->assign(kRawOldKeystoreKey);
     keys.Add()->assign(kRawKeystoreKey);
     ReadTransaction trans(FROM_HERE, user_share());
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
   }
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   // Resolve the pending keys. This should trigger the key rotation.
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1));
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
   encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey);
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-  EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
+  EXPECT_EQ(PassphraseType::KEYSTORE_PASSPHRASE,
+            encryption_handler()->GetPassphraseType());
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey);
 }
 
 // When signing in for the first time, make sure we can rotate keys if we
 // already have a keystore migrated nigori.
 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) {
   // Destroy the existing nigori node so we init without a nigori node.
   TearDown();
   test_user_share_.SetUp();
   SetUpEncryption();
 
@@ skipping 19 matching lines @@
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
   InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key);
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   // Verify we're still migrated and have proper encryption state. We should
   // have rotated the keybag so that it's now encrypted with the newest keystore
   // key (instead of the old gaia key).
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
   EXPECT_TRUE(GetCryptographer()->is_ready());
-  EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
+  EXPECT_EQ(encryption_handler()->GetPassphraseType(),
+            PassphraseType::KEYSTORE_PASSPHRASE);
   EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey);
 }
 
 // Trigger a key rotation when a migrated nigori (with an old keystore key) is
 // applied.
 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysWhenMigratedNigoriArrives) {
   const char kOldGaiaKey[] = "old_gaia_key";
   const char kRawOldKeystoreKey[] = "old_keystore_key";
   std::string old_keystore_key;
   base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
 
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
-  InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE);
+  InitUnmigratedNigori(kOldGaiaKey, PassphraseType::IMPLICIT_PASSPHRASE);
 
   {
     // Pass multiple keystore keys, signaling a rotation has happened.
     google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
     keys.Add()->assign(kRawOldKeystoreKey);
     keys.Add()->assign(kRawKeystoreKey);
     ReadTransaction trans(FROM_HERE, user_share());
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
   }
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
   // Now simulate downloading a nigori node that was migrated before the
   // keys were rotated, and hence still encrypt with the old gaia key.
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnPassphraseAccepted());
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
   EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1));
   {
     sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
-        KEYSTORE_PASSPHRASE, 1, kOldGaiaKey, old_keystore_key);
+        PassphraseType::KEYSTORE_PASSPHRASE, 1, kOldGaiaKey, old_keystore_key);
     // Update the encryption handler.
     WriteTransaction trans(FROM_HERE, user_share());
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
   }
   EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
   PumpLoop();
 
   EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
-  EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
-  VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
+  EXPECT_EQ(PassphraseType::KEYSTORE_PASSPHRASE,
+            encryption_handler()->GetPassphraseType());
+  VerifyMigratedNigori(PassphraseType::KEYSTORE_PASSPHRASE, kKeystoreKey);
 }
 
 // Verify that performing a migration while having more than one keystore key
 // preserves a custom passphrase.
 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) {
   const char kCustomPass[] = "custom_passphrase";
   const char kRawOldKeystoreKey[] = "old_keystore_key";
 
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
-  InitUnmigratedNigori(kCustomPass, CUSTOM_PASSPHRASE);
+  InitUnmigratedNigori(kCustomPass, PassphraseType::CUSTOM_PASSPHRASE);
 
   {
     // Pass multiple keystore keys, signaling a rotation has happened.
     google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
     keys.Add()->assign(kRawOldKeystoreKey);
     keys.Add()->assign(kRawKeystoreKey);
     ReadTransaction trans(FROM_HERE, user_share());
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
@@ skipping 10 matching lines @@
   EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
       .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
   EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AnyNumber());
   std::string captured_bootstrap_token;
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
       .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
   encryption_handler()->SetDecryptionPassphrase(kCustomPass);
   Mock::VerifyAndClearExpectations(observer());
 
-  VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCustomPass);
+  VerifyMigratedNigori(PassphraseType::CUSTOM_PASSPHRASE, kCustomPass);
 
   const base::Time migration_time = encryption_handler()->migration_time();
-  VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time),
-                                     kCustomPass, captured_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      TimeToProtoTime(migration_time), kCustomPass, captured_bootstrap_token,
+      captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Verify that a key rotation done after we've migrated a custom passphrase
 // nigori node preserves the custom passphrase.
 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysMigratedCustomPassphrase) {
   const char kCustomPass[] = "custom_passphrase";
   const char kRawOldKeystoreKey[] = "old_keystore_key";
 
   KeyParams custom_key = {"localhost", "dummy", kCustomPass};
   GetCryptographer()->AddKey(custom_key);
 
   const int64_t migration_time = 1;
   InitCustomPassMigratedNigori(migration_time, kCustomPass);
-  VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE,
-                                    kCustomPass);
+  VerifyMigratedNigoriWithTimestamp(
+      migration_time, PassphraseType::CUSTOM_PASSPHRASE, kCustomPass);
 
   SyncEncryptionHandler::NigoriState captured_nigori_state;
   {
     // Pass multiple keystore keys, signaling a rotation has happened.
     google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
     keys.Add()->assign(kRawOldKeystoreKey);
     keys.Add()->assign(kRawKeystoreKey);
     ReadTransaction trans(FROM_HERE, user_share());
     EXPECT_CALL(*observer(),
                 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
     EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
     EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
         .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
     encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
   }
   PumpLoop();
   Mock::VerifyAndClearExpectations(observer());
 
-  VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE,
-                                    kCustomPass);
+  VerifyMigratedNigoriWithTimestamp(
+      migration_time, PassphraseType::CUSTOM_PASSPHRASE, kCustomPass);
 
   // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_,
   // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked
   // during a previous instance) so get it from the Cryptographer.
   std::string passphrase_bootstrap_token;
   GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token);
-  VerifyRestoreAfterCustomPassphrase(migration_time, kCustomPass,
-                                     passphrase_bootstrap_token,
-                                     captured_nigori_state, CUSTOM_PASSPHRASE);
+  VerifyRestoreAfterCustomPassphrase(
+      migration_time, kCustomPass, passphrase_bootstrap_token,
+      captured_nigori_state, PassphraseType::CUSTOM_PASSPHRASE);
 }
 
 // Verify that the client can gracefully handle a nigori node that is missing
 // the keystore migration time field.
 TEST_F(SyncEncryptionHandlerImplTest, MissingKeystoreMigrationTime) {
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
   EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
   encryption_handler()->Init();
   Mock::VerifyAndClearExpectations(observer());
 
   // Now simulate downloading a nigori node that that is missing the keystore
   // migration time. It should be interpreted properly, and the passphrase type
   // should switch to keystore passphrase.
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
-  EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
+  EXPECT_CALL(*observer(),
+              OnPassphraseTypeChanged(PassphraseType::KEYSTORE_PASSPHRASE, _));
   {
-    sync_pb::NigoriSpecifics nigori =
-        BuildMigratedNigori(KEYSTORE_PASSPHRASE, 1, kKeystoreKey, kKeystoreKey);
+    sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
+        PassphraseType::KEYSTORE_PASSPHRASE, 1, kKeystoreKey, kKeystoreKey);
     nigori.clear_keystore_migration_time();
     // Update the encryption handler.
     WriteTransaction trans(FROM_HERE, user_share());
     encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
   }
   Mock::VerifyAndClearExpectations(observer());
 
   // Now provide the keystore key to fully initialize the cryptographer.
   EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
   EXPECT_CALL(*observer(),
               OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
   {
     ReadTransaction trans(FROM_HERE, user_share());
     encryption_handler()->SetKeystoreKeys(
         BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
   }
 }
 
 }  // namespace syncer