OLD | NEW |
| (Empty) |
1 // Copyright 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef COMPONENTS_SYNC_CORE_SYNC_ENCRYPTION_HANDLER_H_ | |
6 #define COMPONENTS_SYNC_CORE_SYNC_ENCRYPTION_HANDLER_H_ | |
7 | |
8 #include <string> | |
9 | |
10 #include "base/time/time.h" | |
11 #include "components/sync/base/model_type.h" | |
12 #include "components/sync/protocol/sync.pb.h" | |
13 | |
14 namespace syncer { | |
15 | |
16 class Cryptographer; | |
17 enum class PassphraseType; | |
18 | |
19 // Reasons due to which Cryptographer might require a passphrase. | |
20 enum PassphraseRequiredReason { | |
21 REASON_PASSPHRASE_NOT_REQUIRED = 0, // Initial value. | |
22 REASON_ENCRYPTION = 1, // The cryptographer requires a | |
23 // passphrase for its first attempt at | |
24 // encryption. Happens only during | |
25 // migration or upgrade. | |
26 REASON_DECRYPTION = 2, // The cryptographer requires a | |
27 // passphrase for its first attempt at | |
28 // decryption. | |
29 }; | |
30 | |
31 // Enum used to distinguish which bootstrap encryption token is being updated. | |
32 enum BootstrapTokenType { | |
33 PASSPHRASE_BOOTSTRAP_TOKEN, | |
34 KEYSTORE_BOOTSTRAP_TOKEN | |
35 }; | |
36 | |
37 // Sync's encryption handler. Handles tracking encrypted types, ensuring the | |
38 // cryptographer encrypts with the proper key and has the most recent keybag, | |
39 // and keeps the nigori node up to date. | |
40 // Implementations of this class must be assumed to be non-thread-safe. All | |
41 // methods must be invoked on the sync thread. | |
42 class SyncEncryptionHandler { | |
43 public: | |
44 class NigoriState; | |
45 | |
46 // All Observer methods are done synchronously from within a transaction and | |
47 // on the sync thread. | |
48 class Observer { | |
49 public: | |
50 Observer(); | |
51 | |
52 // Called when user interaction is required to obtain a valid passphrase. | |
53 // - If the passphrase is required for encryption, |reason| will be | |
54 // REASON_ENCRYPTION. | |
55 // - If the passphrase is required for the decryption of data that has | |
56 // already been encrypted, |reason| will be REASON_DECRYPTION. | |
57 // - If the passphrase is required because decryption failed, and a new | |
58 // passphrase is required, |reason| will be REASON_SET_PASSPHRASE_FAILED. | |
59 // | |
60 // |pending_keys| is a copy of the cryptographer's pending keys, that may be | |
61 // cached by the frontend for subsequent use by the UI. | |
62 virtual void OnPassphraseRequired( | |
63 PassphraseRequiredReason reason, | |
64 const sync_pb::EncryptedData& pending_keys) = 0; | |
65 // Called when the passphrase provided by the user has been accepted and is | |
66 // now used to encrypt sync data. | |
67 | |
68 virtual void OnPassphraseAccepted() = 0; | |
69 // |bootstrap_token| is an opaque base64 encoded representation of the key | |
70 // generated by the current passphrase, and is provided to the observer for | |
71 // persistence purposes and use in a future initialization of sync (e.g. | |
72 // after restart). The boostrap token will always be derived from the most | |
73 // recent GAIA password (for accounts with implicit passphrases), even if | |
74 // the data is still encrypted with an older GAIA password. For accounts | |
75 // with explicit passphrases, it will be the most recently seen custom | |
76 // passphrase. | |
77 virtual void OnBootstrapTokenUpdated(const std::string& bootstrap_token, | |
78 BootstrapTokenType type) = 0; | |
79 | |
80 // Called when the set of encrypted types or the encrypt | |
81 // everything flag has been changed. Note that encryption isn't | |
82 // complete until the OnEncryptionComplete() notification has been | |
83 // sent (see below). | |
84 // | |
85 // |encrypted_types| will always be a superset of | |
86 // Cryptographer::SensitiveTypes(). If |encrypt_everything| is | |
87 // true, |encrypted_types| will be the set of all known types. | |
88 // | |
89 // Until this function is called, observers can assume that the | |
90 // set of encrypted types is Cryptographer::SensitiveTypes() and | |
91 // that the encrypt everything flag is false. | |
92 virtual void OnEncryptedTypesChanged(ModelTypeSet encrypted_types, | |
93 bool encrypt_everything) = 0; | |
94 | |
95 // Called after we finish encrypting the current set of encrypted | |
96 // types. | |
97 virtual void OnEncryptionComplete() = 0; | |
98 | |
99 // The cryptographer has been updated. Listeners should check that their | |
100 // own state matches the cryptographer. | |
101 // Used primarily for debugging. | |
102 virtual void OnCryptographerStateChanged(Cryptographer* cryptographer) = 0; | |
103 | |
104 // The passphrase type has changed. |type| is the new type, | |
105 // |passphrase_time| is the time the passphrase was set (unset if |type| | |
106 // is KEYSTORE_PASSPHRASE or the passphrase was set before we started | |
107 // recording the time). | |
108 virtual void OnPassphraseTypeChanged(PassphraseType type, | |
109 base::Time passphrase_time) = 0; | |
110 | |
111 // The user has set a passphrase using this device. | |
112 // | |
113 // |nigori_state| can be used to restore nigori state across | |
114 // SyncEncryptionHandlerImpl lifetimes. See also SyncEncryptionHandlerImpl's | |
115 // RestoredNigori method. | |
116 virtual void OnLocalSetPassphraseEncryption( | |
117 const NigoriState& nigori_state) = 0; | |
118 | |
119 protected: | |
120 virtual ~Observer(); | |
121 }; | |
122 | |
123 class NigoriState { | |
124 public: | |
125 NigoriState() {} | |
126 sync_pb::NigoriSpecifics nigori_specifics; | |
127 }; | |
128 | |
129 SyncEncryptionHandler(); | |
130 virtual ~SyncEncryptionHandler(); | |
131 | |
132 // Add/Remove SyncEncryptionHandler::Observers. | |
133 virtual void AddObserver(Observer* observer) = 0; | |
134 virtual void RemoveObserver(Observer* observer) = 0; | |
135 | |
136 // Reads the nigori node, updates internal state as needed, and, if an | |
137 // empty/stale nigori node is detected, overwrites the existing | |
138 // nigori node. Upon completion, if the cryptographer is still ready | |
139 // attempts to re-encrypt all sync data. | |
140 // Note: This method is expensive (it iterates through all encrypted types), | |
141 // so should only be used sparingly (e.g. on startup). | |
142 virtual void Init() = 0; | |
143 | |
144 // Attempts to re-encrypt encrypted data types using the passphrase provided. | |
145 // Notifies observers of the result of the operation via OnPassphraseAccepted | |
146 // or OnPassphraseRequired, updates the nigori node, and does re-encryption as | |
147 // appropriate. If an explicit password has been set previously, we drop | |
148 // subsequent requests to set a passphrase. If the cryptographer has pending | |
149 // keys, and a new implicit passphrase is provided, we try decrypting the | |
150 // pending keys with it, and if that fails, we cache the passphrase for | |
151 // re-encryption once the pending keys are decrypted. | |
152 virtual void SetEncryptionPassphrase(const std::string& passphrase, | |
153 bool is_explicit) = 0; | |
154 | |
155 // Provides a passphrase for decrypting the user's existing sync data. | |
156 // Notifies observers of the result of the operation via OnPassphraseAccepted | |
157 // or OnPassphraseRequired, updates the nigori node, and does re-encryption as | |
158 // appropriate if there is a previously cached encryption passphrase. It is an | |
159 // error to call this when we don't have pending keys. | |
160 virtual void SetDecryptionPassphrase(const std::string& passphrase) = 0; | |
161 | |
162 // Enables encryption of all datatypes. | |
163 virtual void EnableEncryptEverything() = 0; | |
164 | |
165 // Whether encryption of all datatypes is enabled. If false, only sensitive | |
166 // types are encrypted. | |
167 virtual bool IsEncryptEverythingEnabled() const = 0; | |
168 | |
169 // The set of types that are always encrypted. | |
170 static ModelTypeSet SensitiveTypes(); | |
171 }; | |
172 | |
173 } // namespace syncer | |
174 | |
175 #endif // COMPONENTS_SYNC_CORE_SYNC_ENCRYPTION_HANDLER_H_ | |
OLD | NEW |