| OLD | NEW |
|---|
| 1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" | 5 #include "components/sync/engine_impl/sync_encryption_handler_impl.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <memory> | 10 #include <memory> |
| 11 #include <queue> | 11 #include <queue> |
| 12 | 12 |
| 13 #include "base/base64.h" | 13 #include "base/base64.h" |
| 14 #include "base/bind.h" | 14 #include "base/bind.h" |
| 15 #include "base/json/json_string_value_serializer.h" | 15 #include "base/json/json_string_value_serializer.h" |
| (...skipping 273 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 289 } else { | 289 } else { |
| 290 // If the above conditions have been met and the nigori node is still not | 290 // If the above conditions have been met and the nigori node is still not |
| 291 // migrated, something failed in the migration process. | 291 // migrated, something failed in the migration process. |
| 292 UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", | 292 UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", |
| 293 NOT_MIGRATED_UNKNOWN_REASON, | 293 NOT_MIGRATED_UNKNOWN_REASON, |
| 294 MIGRATION_STATE_SIZE); | 294 MIGRATION_STATE_SIZE); |
| 295 } | 295 } |
| 296 | 296 |
| 297 // Always trigger an encrypted types and cryptographer state change event at | 297 // Always trigger an encrypted types and cryptographer state change event at |
| 298 // init time so observers get the initial values. | 298 // init time so observers get the initial values. |
| 299 FOR_EACH_OBSERVER(Observer, observers_, | 299 for (auto& observer : observers_) { |
| 300 OnEncryptedTypesChanged( | 300 observer.OnEncryptedTypesChanged( |
| 301 UnlockVault(trans.GetWrappedTrans()).encrypted_types, | 301 UnlockVault(trans.GetWrappedTrans()).encrypted_types, |
| 302 encrypt_everything_)); | 302 encrypt_everything_); |
| 303 FOR_EACH_OBSERVER( | 303 } |
| 304 SyncEncryptionHandler::Observer, observers_, | 304 for (auto& observer : observers_) { |
| 305 OnCryptographerStateChanged( | 305 observer.OnCryptographerStateChanged( |
| 306 &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer)); | 306 &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer); |
| 307 } |
| 307 | 308 |
| 308 // If the cryptographer is not ready (either it has pending keys or we | 309 // If the cryptographer is not ready (either it has pending keys or we |
| 309 // failed to initialize it), we don't want to try and re-encrypt the data. | 310 // failed to initialize it), we don't want to try and re-encrypt the data. |
| 310 // If we had encrypted types, the DataTypeManager will block, preventing | 311 // If we had encrypted types, the DataTypeManager will block, preventing |
| 311 // sync from happening until the the passphrase is provided. | 312 // sync from happening until the the passphrase is provided. |
| 312 if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready()) | 313 if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready()) |
| 313 ReEncryptEverything(&trans); | 314 ReEncryptEverything(&trans); |
| 314 } | 315 } |
| 315 | 316 |
| 316 void SyncEncryptionHandlerImpl::SetEncryptionPassphrase( | 317 void SyncEncryptionHandlerImpl::SetEncryptionPassphrase( |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 387 if (!IsExplicitPassphrase(*passphrase_type)) { | 388 if (!IsExplicitPassphrase(*passphrase_type)) { |
| 388 if (!cryptographer->has_pending_keys()) { | 389 if (!cryptographer->has_pending_keys()) { |
| 389 if (cryptographer->AddKey(key_params)) { | 390 if (cryptographer->AddKey(key_params)) { |
| 390 // Case 1 and 2. We set a new GAIA passphrase when there are no pending | 391 // Case 1 and 2. We set a new GAIA passphrase when there are no pending |
| 391 // keys (1), or overwriting an implicit passphrase with a new explicit | 392 // keys (1), or overwriting an implicit passphrase with a new explicit |
| 392 // one (2) when there are no pending keys. | 393 // one (2) when there are no pending keys. |
| 393 if (is_explicit) { | 394 if (is_explicit) { |
| 394 DVLOG(1) << "Setting explicit passphrase for encryption."; | 395 DVLOG(1) << "Setting explicit passphrase for encryption."; |
| 395 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; | 396 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
| 396 custom_passphrase_time_ = base::Time::Now(); | 397 custom_passphrase_time_ = base::Time::Now(); |
| 397 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 398 for (auto& observer : observers_) { |
| 398 OnPassphraseTypeChanged( | 399 observer.OnPassphraseTypeChanged( |
| 399 *passphrase_type, | 400 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
| 400 GetExplicitPassphraseTime(*passphrase_type))); | 401 } |
| 401 } else { | 402 } else { |
| 402 DVLOG(1) << "Setting implicit passphrase for encryption."; | 403 DVLOG(1) << "Setting implicit passphrase for encryption."; |
| 403 } | 404 } |
| 404 cryptographer->GetBootstrapToken(&bootstrap_token); | 405 cryptographer->GetBootstrapToken(&bootstrap_token); |
| 405 | 406 |
| 406 // With M26, sync accounts can be in only one of two encryption states: | 407 // With M26, sync accounts can be in only one of two encryption states: |
| 407 // 1) Encrypt only passwords with an implicit passphrase. | 408 // 1) Encrypt only passwords with an implicit passphrase. |
| 408 // 2) Encrypt all sync datatypes with an explicit passphrase. | 409 // 2) Encrypt all sync datatypes with an explicit passphrase. |
| 409 // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms, | 410 // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms, |
| 410 // and keep track of an account's encryption state via the | 411 // and keep track of an account's encryption state via the |
| (...skipping 226 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 637 const sync_pb::NigoriSpecifics& nigori, | 638 const sync_pb::NigoriSpecifics& nigori, |
| 638 syncable::BaseTransaction* const trans) { | 639 syncable::BaseTransaction* const trans) { |
| 639 DCHECK(thread_checker_.CalledOnValidThread()); | 640 DCHECK(thread_checker_.CalledOnValidThread()); |
| 640 DCHECK(trans); | 641 DCHECK(trans); |
| 641 if (!ApplyNigoriUpdateImpl(nigori, trans)) { | 642 if (!ApplyNigoriUpdateImpl(nigori, trans)) { |
| 642 base::ThreadTaskRunnerHandle::Get()->PostTask( | 643 base::ThreadTaskRunnerHandle::Get()->PostTask( |
| 643 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, | 644 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, |
| 644 weak_ptr_factory_.GetWeakPtr())); | 645 weak_ptr_factory_.GetWeakPtr())); |
| 645 } | 646 } |
| 646 | 647 |
| 647 FOR_EACH_OBSERVER( | 648 for (auto& observer : observers_) { |
| 648 SyncEncryptionHandler::Observer, observers_, | 649 observer.OnCryptographerStateChanged( |
| 649 OnCryptographerStateChanged(&UnlockVaultMutable(trans)->cryptographer)); | 650 &UnlockVaultMutable(trans)->cryptographer); |
| 651 } |
| 650 } | 652 } |
| 651 | 653 |
| 652 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes( | 654 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes( |
| 653 sync_pb::NigoriSpecifics* nigori, | 655 sync_pb::NigoriSpecifics* nigori, |
| 654 syncable::BaseTransaction* const trans) const { | 656 syncable::BaseTransaction* const trans) const { |
| 655 DCHECK(thread_checker_.CalledOnValidThread()); | 657 DCHECK(thread_checker_.CalledOnValidThread()); |
| 656 syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types, | 658 syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types, |
| 657 encrypt_everything_, nigori); | 659 encrypt_everything_, nigori); |
| 658 } | 660 } |
| 659 | 661 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 686 base::Base64Encode(keys.Get(i), &old_keystore_keys_[i]); | 688 base::Base64Encode(keys.Get(i), &old_keystore_keys_[i]); |
| 687 | 689 |
| 688 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; | 690 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; |
| 689 | 691 |
| 690 // Update the bootstrap token. If this fails, we persist an empty string, | 692 // Update the bootstrap token. If this fails, we persist an empty string, |
| 691 // which will force us to download the keystore keys again on the next | 693 // which will force us to download the keystore keys again on the next |
| 692 // restart. | 694 // restart. |
| 693 std::string keystore_bootstrap = PackKeystoreBootstrapToken( | 695 std::string keystore_bootstrap = PackKeystoreBootstrapToken( |
| 694 old_keystore_keys_, keystore_key_, cryptographer->encryptor()); | 696 old_keystore_keys_, keystore_key_, cryptographer->encryptor()); |
| 695 | 697 |
| 696 FOR_EACH_OBSERVER( | 698 for (auto& observer : observers_) { |
| 697 SyncEncryptionHandler::Observer, observers_, | 699 observer.OnBootstrapTokenUpdated(keystore_bootstrap, |
| 698 OnBootstrapTokenUpdated(keystore_bootstrap, KEYSTORE_BOOTSTRAP_TOKEN)); | 700 KEYSTORE_BOOTSTRAP_TOKEN); |
| 701 } |
| 699 DVLOG(1) << "Keystore bootstrap token updated."; | 702 DVLOG(1) << "Keystore bootstrap token updated."; |
| 700 | 703 |
| 701 // If this is a first time sync, we get the encryption keys before we process | 704 // If this is a first time sync, we get the encryption keys before we process |
| 702 // the nigori node. Just return for now, ApplyNigoriUpdate will be invoked | 705 // the nigori node. Just return for now, ApplyNigoriUpdate will be invoked |
| 703 // once we have the nigori node. | 706 // once we have the nigori node. |
| 704 syncable::Entry entry(trans, syncable::GET_TYPE_ROOT, NIGORI); | 707 syncable::Entry entry(trans, syncable::GET_TYPE_ROOT, NIGORI); |
| 705 if (!entry.good()) | 708 if (!entry.good()) |
| 706 return true; | 709 return true; |
| 707 | 710 |
| 708 const sync_pb::NigoriSpecifics& nigori = entry.GetSpecifics().nigori(); | 711 const sync_pb::NigoriSpecifics& nigori = entry.GetSpecifics().nigori(); |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 847 if (child.InitByIdLookup(child_id) != BaseNode::INIT_OK) | 850 if (child.InitByIdLookup(child_id) != BaseNode::INIT_OK) |
| 848 break; // Possible if we failed to decrypt the data for some reason. | 851 break; // Possible if we failed to decrypt the data for some reason. |
| 849 child.SetPasswordSpecifics(child.GetPasswordSpecifics()); | 852 child.SetPasswordSpecifics(child.GetPasswordSpecifics()); |
| 850 child_id = child.GetSuccessorId(); | 853 child_id = child.GetSuccessorId(); |
| 851 } | 854 } |
| 852 } | 855 } |
| 853 | 856 |
| 854 DVLOG(1) << "Re-encrypt everything complete."; | 857 DVLOG(1) << "Re-encrypt everything complete."; |
| 855 | 858 |
| 856 // NOTE: We notify from within a transaction. | 859 // NOTE: We notify from within a transaction. |
| 857 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 860 for (auto& observer : observers_) { |
| 858 OnEncryptionComplete()); | 861 observer.OnEncryptionComplete(); |
| 862 } |
| 859 } | 863 } |
| 860 | 864 |
| 861 bool SyncEncryptionHandlerImpl::ApplyNigoriUpdateImpl( | 865 bool SyncEncryptionHandlerImpl::ApplyNigoriUpdateImpl( |
| 862 const sync_pb::NigoriSpecifics& nigori, | 866 const sync_pb::NigoriSpecifics& nigori, |
| 863 syncable::BaseTransaction* const trans) { | 867 syncable::BaseTransaction* const trans) { |
| 864 DCHECK(thread_checker_.CalledOnValidThread()); | 868 DCHECK(thread_checker_.CalledOnValidThread()); |
| 865 DVLOG(1) << "Applying nigori node update."; | 869 DVLOG(1) << "Applying nigori node update."; |
| 866 bool nigori_types_need_update = | 870 bool nigori_types_need_update = |
| 867 !UpdateEncryptedTypesFromNigori(nigori, trans); | 871 !UpdateEncryptedTypesFromNigori(nigori, trans); |
| 868 | 872 |
| (...skipping 16 matching lines...) Expand all Loading... |
| 885 // but we let it through here as well in case future versions do add support | 889 // but we let it through here as well in case future versions do add support |
| 886 // for this transition. | 890 // for this transition. |
| 887 if (*passphrase_type != nigori_passphrase_type && | 891 if (*passphrase_type != nigori_passphrase_type && |
| 888 nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE && | 892 nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE && |
| 889 (*passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE || | 893 (*passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE || |
| 890 nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) { | 894 nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) { |
| 891 DVLOG(1) << "Changing passphrase state from " | 895 DVLOG(1) << "Changing passphrase state from " |
| 892 << PassphraseTypeToString(*passphrase_type) << " to " | 896 << PassphraseTypeToString(*passphrase_type) << " to " |
| 893 << PassphraseTypeToString(nigori_passphrase_type); | 897 << PassphraseTypeToString(nigori_passphrase_type); |
| 894 *passphrase_type = nigori_passphrase_type; | 898 *passphrase_type = nigori_passphrase_type; |
| 895 FOR_EACH_OBSERVER( | 899 for (auto& observer : observers_) { |
| 896 SyncEncryptionHandler::Observer, observers_, | 900 observer.OnPassphraseTypeChanged( |
| 897 OnPassphraseTypeChanged(*passphrase_type, | 901 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
| 898 GetExplicitPassphraseTime(*passphrase_type))); | 902 } |
| 899 } | 903 } |
| 900 if (*passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE && | 904 if (*passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE && |
| 901 encrypt_everything_) { | 905 encrypt_everything_) { |
| 902 // This is the case where another client that didn't support keystore | 906 // This is the case where another client that didn't support keystore |
| 903 // encryption attempted to enable full encryption. We detect it | 907 // encryption attempted to enable full encryption. We detect it |
| 904 // and switch the passphrase type to frozen implicit passphrase instead | 908 // and switch the passphrase type to frozen implicit passphrase instead |
| 905 // due to full encryption not being compatible with keystore passphrase. | 909 // due to full encryption not being compatible with keystore passphrase. |
| 906 // Because the local passphrase type will not match the nigori passphrase | 910 // Because the local passphrase type will not match the nigori passphrase |
| 907 // type, we will trigger a rewrite and subsequently a re-migration. | 911 // type, we will trigger a rewrite and subsequently a re-migration. |
| 908 DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE " | 912 DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE " |
| 909 << "due to full encryption."; | 913 << "due to full encryption."; |
| 910 *passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; | 914 *passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; |
| 911 FOR_EACH_OBSERVER( | 915 for (auto& observer : observers_) { |
| 912 SyncEncryptionHandler::Observer, observers_, | 916 observer.OnPassphraseTypeChanged( |
| 913 OnPassphraseTypeChanged(*passphrase_type, | 917 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
| 914 GetExplicitPassphraseTime(*passphrase_type))); | 918 } |
| 915 } | 919 } |
| 916 } else { | 920 } else { |
| 917 // It's possible that while we're waiting for migration a client that does | 921 // It's possible that while we're waiting for migration a client that does |
| 918 // not have keystore encryption enabled switches to a custom passphrase. | 922 // not have keystore encryption enabled switches to a custom passphrase. |
| 919 if (nigori.keybag_is_frozen() && | 923 if (nigori.keybag_is_frozen() && |
| 920 *passphrase_type != PassphraseType::CUSTOM_PASSPHRASE) { | 924 *passphrase_type != PassphraseType::CUSTOM_PASSPHRASE) { |
| 921 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; | 925 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
| 922 FOR_EACH_OBSERVER( | 926 for (auto& observer : observers_) { |
| 923 SyncEncryptionHandler::Observer, observers_, | 927 observer.OnPassphraseTypeChanged( |
| 924 OnPassphraseTypeChanged(*passphrase_type, | 928 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
| 925 GetExplicitPassphraseTime(*passphrase_type))); | 929 } |
| 926 } | 930 } |
| 927 } | 931 } |
| 928 | 932 |
| 929 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; | 933 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; |
| 930 bool nigori_needs_new_keys = false; | 934 bool nigori_needs_new_keys = false; |
| 931 if (!nigori.encryption_keybag().blob().empty()) { | 935 if (!nigori.encryption_keybag().blob().empty()) { |
| 932 // We only update the default key if this was a new explicit passphrase. | 936 // We only update the default key if this was a new explicit passphrase. |
| 933 // Else, since it was decryptable, it must not have been a new key. | 937 // Else, since it was decryptable, it must not have been a new key. |
| 934 bool need_new_default_key = false; | 938 bool need_new_default_key = false; |
| 935 if (is_nigori_migrated) { | 939 if (is_nigori_migrated) { |
| (...skipping 30 matching lines...) Expand all Loading... |
| 966 // local encryption keys into it. | 970 // local encryption keys into it. |
| 967 LOG(WARNING) << "Nigori had empty encryption keybag."; | 971 LOG(WARNING) << "Nigori had empty encryption keybag."; |
| 968 nigori_needs_new_keys = true; | 972 nigori_needs_new_keys = true; |
| 969 } | 973 } |
| 970 | 974 |
| 971 // If we've completed a sync cycle and the cryptographer isn't ready | 975 // If we've completed a sync cycle and the cryptographer isn't ready |
| 972 // yet or has pending keys, prompt the user for a passphrase. | 976 // yet or has pending keys, prompt the user for a passphrase. |
| 973 if (cryptographer->has_pending_keys()) { | 977 if (cryptographer->has_pending_keys()) { |
| 974 DVLOG(1) << "OnPassphraseRequired Sent"; | 978 DVLOG(1) << "OnPassphraseRequired Sent"; |
| 975 sync_pb::EncryptedData pending_keys = cryptographer->GetPendingKeys(); | 979 sync_pb::EncryptedData pending_keys = cryptographer->GetPendingKeys(); |
| 976 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 980 for (auto& observer : observers_) { |
| 977 OnPassphraseRequired(REASON_DECRYPTION, pending_keys)); | 981 observer.OnPassphraseRequired(REASON_DECRYPTION, pending_keys); |
| 982 } |
| 978 } else if (!cryptographer->is_ready()) { | 983 } else if (!cryptographer->is_ready()) { |
| 979 DVLOG(1) << "OnPassphraseRequired sent because cryptographer is not " | 984 DVLOG(1) << "OnPassphraseRequired sent because cryptographer is not " |
| 980 << "ready"; | 985 << "ready"; |
| 981 FOR_EACH_OBSERVER( | 986 for (auto& observer : observers_) { |
| 982 SyncEncryptionHandler::Observer, observers_, | 987 observer.OnPassphraseRequired(REASON_ENCRYPTION, |
| 983 OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData())); | 988 sync_pb::EncryptedData()); |
| 989 } |
| 984 } | 990 } |
| 985 | 991 |
| 986 // Check if the current local encryption state is stricter/newer than the | 992 // Check if the current local encryption state is stricter/newer than the |
| 987 // nigori state. If so, we need to overwrite the nigori node with the local | 993 // nigori state. If so, we need to overwrite the nigori node with the local |
| 988 // state. | 994 // state. |
| 989 bool passphrase_type_matches = true; | 995 bool passphrase_type_matches = true; |
| 990 if (!is_nigori_migrated) { | 996 if (!is_nigori_migrated) { |
| 991 DCHECK(*passphrase_type == PassphraseType::CUSTOM_PASSPHRASE || | 997 DCHECK(*passphrase_type == PassphraseType::CUSTOM_PASSPHRASE || |
| 992 *passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE); | 998 *passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE); |
| 993 passphrase_type_matches = | 999 passphrase_type_matches = |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1083 nigori_encrypted_types.PutAll(SensitiveTypes()); | 1089 nigori_encrypted_types.PutAll(SensitiveTypes()); |
| 1084 | 1090 |
| 1085 // If anything more than the sensitive types were encrypted, and | 1091 // If anything more than the sensitive types were encrypted, and |
| 1086 // encrypt_everything is not explicitly set to false, we assume it means | 1092 // encrypt_everything is not explicitly set to false, we assume it means |
| 1087 // a client intended to enable encrypt everything. | 1093 // a client intended to enable encrypt everything. |
| 1088 if (!nigori.has_encrypt_everything() && | 1094 if (!nigori.has_encrypt_everything() && |
| 1089 !Difference(nigori_encrypted_types, SensitiveTypes()).Empty()) { | 1095 !Difference(nigori_encrypted_types, SensitiveTypes()).Empty()) { |
| 1090 if (!encrypt_everything_) { | 1096 if (!encrypt_everything_) { |
| 1091 encrypt_everything_ = true; | 1097 encrypt_everything_ = true; |
| 1092 *encrypted_types = EncryptableUserTypes(); | 1098 *encrypted_types = EncryptableUserTypes(); |
| 1093 FOR_EACH_OBSERVER( | 1099 for (auto& observer : observers_) { |
| 1094 Observer, observers_, | 1100 observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_); |
| 1095 OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_)); | 1101 } |
| 1096 } | 1102 } |
| 1097 DCHECK(*encrypted_types == EncryptableUserTypes()); | 1103 DCHECK(*encrypted_types == EncryptableUserTypes()); |
| 1098 return false; | 1104 return false; |
| 1099 } | 1105 } |
| 1100 | 1106 |
| 1101 MergeEncryptedTypes(nigori_encrypted_types, trans); | 1107 MergeEncryptedTypes(nigori_encrypted_types, trans); |
| 1102 return *encrypted_types == nigori_encrypted_types; | 1108 return *encrypted_types == nigori_encrypted_types; |
| 1103 } | 1109 } |
| 1104 | 1110 |
| 1105 void SyncEncryptionHandlerImpl::SetCustomPassphrase( | 1111 void SyncEncryptionHandlerImpl::SetCustomPassphrase( |
| (...skipping 30 matching lines...) Expand all Loading... |
| 1136 NOTREACHED() << "Failed to add key to cryptographer."; | 1142 NOTREACHED() << "Failed to add key to cryptographer."; |
| 1137 return; | 1143 return; |
| 1138 } | 1144 } |
| 1139 | 1145 |
| 1140 DVLOG(1) << "Setting custom passphrase."; | 1146 DVLOG(1) << "Setting custom passphrase."; |
| 1141 cryptographer->GetBootstrapToken(&bootstrap_token); | 1147 cryptographer->GetBootstrapToken(&bootstrap_token); |
| 1142 PassphraseType* passphrase_type = | 1148 PassphraseType* passphrase_type = |
| 1143 &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type; | 1149 &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type; |
| 1144 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; | 1150 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
| 1145 custom_passphrase_time_ = base::Time::Now(); | 1151 custom_passphrase_time_ = base::Time::Now(); |
| 1146 FOR_EACH_OBSERVER( | 1152 for (auto& observer : observers_) { |
| 1147 SyncEncryptionHandler::Observer, observers_, | 1153 observer.OnPassphraseTypeChanged( |
| 1148 OnPassphraseTypeChanged(*passphrase_type, | 1154 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
| 1149 GetExplicitPassphraseTime(*passphrase_type))); | 1155 } |
| 1150 FinishSetPassphrase(true, bootstrap_token, trans, nigori_node); | 1156 FinishSetPassphrase(true, bootstrap_token, trans, nigori_node); |
| 1151 } | 1157 } |
| 1152 | 1158 |
| 1153 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase( | 1159 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase( |
| 1154 WriteTransaction* trans) { | 1160 WriteTransaction* trans) { |
| 1155 WriteNode nigori_node(trans); | 1161 WriteNode nigori_node(trans); |
| 1156 BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI); | 1162 BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI); |
| 1157 DCHECK_EQ(init_result, BaseNode::INIT_OK); | 1163 DCHECK_EQ(init_result, BaseNode::INIT_OK); |
| 1158 NigoriState nigori_state; | 1164 NigoriState nigori_state; |
| 1159 nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics(); | 1165 nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics(); |
| 1160 DCHECK(nigori_state.nigori_specifics.passphrase_type() == | 1166 DCHECK(nigori_state.nigori_specifics.passphrase_type() == |
| 1161 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE || | 1167 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE || |
| 1162 nigori_state.nigori_specifics.passphrase_type() == | 1168 nigori_state.nigori_specifics.passphrase_type() == |
| 1163 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); | 1169 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); |
| 1164 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1170 for (auto& observer : observers_) { |
| 1165 OnLocalSetPassphraseEncryption(nigori_state)); | 1171 observer.OnLocalSetPassphraseEncryption(nigori_state); |
| 1172 } |
| 1166 } | 1173 } |
| 1167 | 1174 |
| 1168 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase( | 1175 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase( |
| 1169 const std::string& passphrase, | 1176 const std::string& passphrase, |
| 1170 WriteTransaction* trans, | 1177 WriteTransaction* trans, |
| 1171 WriteNode* nigori_node) { | 1178 WriteNode* nigori_node) { |
| 1172 DCHECK(thread_checker_.CalledOnValidThread()); | 1179 DCHECK(thread_checker_.CalledOnValidThread()); |
| 1173 DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); | 1180 DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
| 1174 KeyParams key_params = {"localhost", "dummy", passphrase}; | 1181 KeyParams key_params = {"localhost", "dummy", passphrase}; |
| 1175 | 1182 |
| (...skipping 27 matching lines...) Expand all Loading... |
| 1203 } | 1210 } |
| 1204 FinishSetPassphrase(success, bootstrap_token, trans, nigori_node); | 1211 FinishSetPassphrase(success, bootstrap_token, trans, nigori_node); |
| 1205 } | 1212 } |
| 1206 | 1213 |
| 1207 void SyncEncryptionHandlerImpl::FinishSetPassphrase( | 1214 void SyncEncryptionHandlerImpl::FinishSetPassphrase( |
| 1208 bool success, | 1215 bool success, |
| 1209 const std::string& bootstrap_token, | 1216 const std::string& bootstrap_token, |
| 1210 WriteTransaction* trans, | 1217 WriteTransaction* trans, |
| 1211 WriteNode* nigori_node) { | 1218 WriteNode* nigori_node) { |
| 1212 DCHECK(thread_checker_.CalledOnValidThread()); | 1219 DCHECK(thread_checker_.CalledOnValidThread()); |
| 1213 FOR_EACH_OBSERVER( | 1220 for (auto& observer : observers_) { |
| 1214 SyncEncryptionHandler::Observer, observers_, | 1221 observer.OnCryptographerStateChanged( |
| 1215 OnCryptographerStateChanged( | 1222 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer); |
| 1216 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer)); | 1223 } |
| 1217 | 1224 |
| 1218 // It's possible we need to change the bootstrap token even if we failed to | 1225 // It's possible we need to change the bootstrap token even if we failed to |
| 1219 // set the passphrase (for example if we need to preserve the new GAIA | 1226 // set the passphrase (for example if we need to preserve the new GAIA |
| 1220 // passphrase). | 1227 // passphrase). |
| 1221 if (!bootstrap_token.empty()) { | 1228 if (!bootstrap_token.empty()) { |
| 1222 DVLOG(1) << "Passphrase bootstrap token updated."; | 1229 DVLOG(1) << "Passphrase bootstrap token updated."; |
| 1223 FOR_EACH_OBSERVER( | 1230 for (auto& observer : observers_) { |
| 1224 SyncEncryptionHandler::Observer, observers_, | 1231 observer.OnBootstrapTokenUpdated(bootstrap_token, |
| 1225 OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1232 PASSPHRASE_BOOTSTRAP_TOKEN); |
| 1233 } |
| 1226 } | 1234 } |
| 1227 | 1235 |
| 1228 const Cryptographer& cryptographer = | 1236 const Cryptographer& cryptographer = |
| 1229 UnlockVault(trans->GetWrappedTrans()).cryptographer; | 1237 UnlockVault(trans->GetWrappedTrans()).cryptographer; |
| 1230 if (!success) { | 1238 if (!success) { |
| 1231 if (cryptographer.is_ready()) { | 1239 if (cryptographer.is_ready()) { |
| 1232 LOG(ERROR) << "Attempt to change passphrase failed while cryptographer " | 1240 LOG(ERROR) << "Attempt to change passphrase failed while cryptographer " |
| 1233 << "was ready."; | 1241 << "was ready."; |
| 1234 } else if (cryptographer.has_pending_keys()) { | 1242 } else if (cryptographer.has_pending_keys()) { |
| 1235 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1243 for (auto& observer : observers_) { |
| 1236 OnPassphraseRequired(REASON_DECRYPTION, | 1244 observer.OnPassphraseRequired(REASON_DECRYPTION, |
| 1237 cryptographer.GetPendingKeys())); | 1245 cryptographer.GetPendingKeys()); |
| 1246 } |
| 1238 } else { | 1247 } else { |
| 1239 FOR_EACH_OBSERVER( | 1248 for (auto& observer : observers_) { |
| 1240 SyncEncryptionHandler::Observer, observers_, | 1249 observer.OnPassphraseRequired(REASON_ENCRYPTION, |
| 1241 OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData())); | 1250 sync_pb::EncryptedData()); |
| 1251 } |
| 1242 } | 1252 } |
| 1243 return; | 1253 return; |
| 1244 } | 1254 } |
| 1245 DCHECK(success); | 1255 DCHECK(success); |
| 1246 DCHECK(cryptographer.is_ready()); | 1256 DCHECK(cryptographer.is_ready()); |
| 1247 | 1257 |
| 1248 // Will do nothing if we're already properly migrated or unable to migrate | 1258 // Will do nothing if we're already properly migrated or unable to migrate |
| 1249 // (in otherwords, if ShouldTriggerMigration is false). | 1259 // (in otherwords, if ShouldTriggerMigration is false). |
| 1250 // Otherwise will update the nigori node with the current migrated state, | 1260 // Otherwise will update the nigori node with the current migrated state, |
| 1251 // writing all encryption state as it does. | 1261 // writing all encryption state as it does. |
| (...skipping 15 matching lines...) Expand all Loading... |
| 1267 // If we set a new custom passphrase, store the timestamp. | 1277 // If we set a new custom passphrase, store the timestamp. |
| 1268 if (!custom_passphrase_time_.is_null()) { | 1278 if (!custom_passphrase_time_.is_null()) { |
| 1269 nigori.set_custom_passphrase_time( | 1279 nigori.set_custom_passphrase_time( |
| 1270 TimeToProtoTime(custom_passphrase_time_)); | 1280 TimeToProtoTime(custom_passphrase_time_)); |
| 1271 } | 1281 } |
| 1272 nigori_node->SetNigoriSpecifics(nigori); | 1282 nigori_node->SetNigoriSpecifics(nigori); |
| 1273 } | 1283 } |
| 1274 | 1284 |
| 1275 // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS | 1285 // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS |
| 1276 // checks the passphrase state after it has been set. | 1286 // checks the passphrase state after it has been set. |
| 1277 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1287 for (auto& observer : observers_) { |
| 1278 OnPassphraseAccepted()); | 1288 observer.OnPassphraseAccepted(); |
| 1289 } |
| 1279 | 1290 |
| 1280 // Does nothing if everything is already encrypted. | 1291 // Does nothing if everything is already encrypted. |
| 1281 // TODO(zea): If we just migrated and enabled encryption, this will be | 1292 // TODO(zea): If we just migrated and enabled encryption, this will be |
| 1282 // redundant. Figure out a way to not do this unnecessarily. | 1293 // redundant. Figure out a way to not do this unnecessarily. |
| 1283 ReEncryptEverything(trans); | 1294 ReEncryptEverything(trans); |
| 1284 } | 1295 } |
| 1285 | 1296 |
| 1286 void SyncEncryptionHandlerImpl::MergeEncryptedTypes( | 1297 void SyncEncryptionHandlerImpl::MergeEncryptedTypes( |
| 1287 ModelTypeSet new_encrypted_types, | 1298 ModelTypeSet new_encrypted_types, |
| 1288 syncable::BaseTransaction* const trans) { | 1299 syncable::BaseTransaction* const trans) { |
| 1289 DCHECK(thread_checker_.CalledOnValidThread()); | 1300 DCHECK(thread_checker_.CalledOnValidThread()); |
| 1290 | 1301 |
| 1291 // Only UserTypes may be encrypted. | 1302 // Only UserTypes may be encrypted. |
| 1292 DCHECK(EncryptableUserTypes().HasAll(new_encrypted_types)); | 1303 DCHECK(EncryptableUserTypes().HasAll(new_encrypted_types)); |
| 1293 | 1304 |
| 1294 ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types; | 1305 ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types; |
| 1295 if (!encrypted_types->HasAll(new_encrypted_types)) { | 1306 if (!encrypted_types->HasAll(new_encrypted_types)) { |
| 1296 *encrypted_types = new_encrypted_types; | 1307 *encrypted_types = new_encrypted_types; |
| 1297 FOR_EACH_OBSERVER( | 1308 for (auto& observer : observers_) { |
| 1298 Observer, observers_, | 1309 observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_); |
| 1299 OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_)); | 1310 } |
| 1300 } | 1311 } |
| 1301 } | 1312 } |
| 1302 | 1313 |
| 1303 SyncEncryptionHandlerImpl::Vault* SyncEncryptionHandlerImpl::UnlockVaultMutable( | 1314 SyncEncryptionHandlerImpl::Vault* SyncEncryptionHandlerImpl::UnlockVaultMutable( |
| 1304 syncable::BaseTransaction* const trans) { | 1315 syncable::BaseTransaction* const trans) { |
| 1305 DCHECK_EQ(user_share_->directory.get(), trans->directory()); | 1316 DCHECK_EQ(user_share_->directory.get(), trans->directory()); |
| 1306 return &vault_unsafe_; | 1317 return &vault_unsafe_; |
| 1307 } | 1318 } |
| 1308 | 1319 |
| 1309 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( | 1320 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1420 DVLOG(1) << "Migrating keybag to keystore key."; | 1431 DVLOG(1) << "Migrating keybag to keystore key."; |
| 1421 bool cryptographer_was_ready = cryptographer->is_ready(); | 1432 bool cryptographer_was_ready = cryptographer->is_ready(); |
| 1422 if (!cryptographer->AddKey(key_params)) { | 1433 if (!cryptographer->AddKey(key_params)) { |
| 1423 LOG(ERROR) << "Failed to add keystore key as default key"; | 1434 LOG(ERROR) << "Failed to add keystore key as default key"; |
| 1424 UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration", | 1435 UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration", |
| 1425 FAILED_TO_SET_DEFAULT_KEYSTORE, | 1436 FAILED_TO_SET_DEFAULT_KEYSTORE, |
| 1426 MIGRATION_RESULT_SIZE); | 1437 MIGRATION_RESULT_SIZE); |
| 1427 return false; | 1438 return false; |
| 1428 } | 1439 } |
| 1429 if (!cryptographer_was_ready && cryptographer->is_ready()) { | 1440 if (!cryptographer_was_ready && cryptographer->is_ready()) { |
| 1430 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1441 for (auto& observer : observers_) { |
| 1431 OnPassphraseAccepted()); | 1442 observer.OnPassphraseAccepted(); |
| 1443 } |
| 1432 } | 1444 } |
| 1433 } else { | 1445 } else { |
| 1434 // We're in backwards compatible mode -- either the account has an | 1446 // We're in backwards compatible mode -- either the account has an |
| 1435 // explicit passphrase, or we want to preserve the current GAIA-based key | 1447 // explicit passphrase, or we want to preserve the current GAIA-based key |
| 1436 // as the default because we can (there have been no key rotations since | 1448 // as the default because we can (there have been no key rotations since |
| 1437 // the migration). | 1449 // the migration). |
| 1438 DVLOG(1) << "Migrating keybag while preserving old key"; | 1450 DVLOG(1) << "Migrating keybag while preserving old key"; |
| 1439 if (!cryptographer->AddNonDefaultKey(key_params)) { | 1451 if (!cryptographer->AddNonDefaultKey(key_params)) { |
| 1440 LOG(ERROR) << "Failed to add keystore key as non-default key."; | 1452 LOG(ERROR) << "Failed to add keystore key as non-default key."; |
| 1441 UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration", | 1453 UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration", |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1475 | 1487 |
| 1476 if (migration_time_.is_null()) | 1488 if (migration_time_.is_null()) |
| 1477 migration_time_ = base::Time::Now(); | 1489 migration_time_ = base::Time::Now(); |
| 1478 migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_)); | 1490 migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_)); |
| 1479 | 1491 |
| 1480 if (!custom_passphrase_time_.is_null()) { | 1492 if (!custom_passphrase_time_.is_null()) { |
| 1481 migrated_nigori.set_custom_passphrase_time( | 1493 migrated_nigori.set_custom_passphrase_time( |
| 1482 TimeToProtoTime(custom_passphrase_time_)); | 1494 TimeToProtoTime(custom_passphrase_time_)); |
| 1483 } | 1495 } |
| 1484 | 1496 |
| 1485 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1497 for (auto& observer : observers_) { |
| 1486 OnCryptographerStateChanged(cryptographer)); | 1498 observer.OnCryptographerStateChanged(cryptographer); |
| 1499 } |
| 1487 if (*passphrase_type != new_passphrase_type) { | 1500 if (*passphrase_type != new_passphrase_type) { |
| 1488 *passphrase_type = new_passphrase_type; | 1501 *passphrase_type = new_passphrase_type; |
| 1489 FOR_EACH_OBSERVER( | 1502 for (auto& observer : observers_) { |
| 1490 SyncEncryptionHandler::Observer, observers_, | 1503 observer.OnPassphraseTypeChanged( |
| 1491 OnPassphraseTypeChanged(*passphrase_type, | 1504 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
| 1492 GetExplicitPassphraseTime(*passphrase_type))); | 1505 } |
| 1493 } | 1506 } |
| 1494 | 1507 |
| 1495 if (new_encrypt_everything && !encrypt_everything_) { | 1508 if (new_encrypt_everything && !encrypt_everything_) { |
| 1496 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); | 1509 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); |
| 1497 ReEncryptEverything(trans); | 1510 ReEncryptEverything(trans); |
| 1498 } else if (!cryptographer->CanDecryptUsingDefaultKey( | 1511 } else if (!cryptographer->CanDecryptUsingDefaultKey( |
| 1499 old_nigori.encryption_keybag())) { | 1512 old_nigori.encryption_keybag())) { |
| 1500 DVLOG(1) << "Rencrypting everything due to key rotation."; | 1513 DVLOG(1) << "Rencrypting everything due to key rotation."; |
| 1501 ReEncryptEverything(trans); | 1514 ReEncryptEverything(trans); |
| 1502 } | 1515 } |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1575 | 1588 |
| 1576 void SyncEncryptionHandlerImpl::EnableEncryptEverythingImpl( | 1589 void SyncEncryptionHandlerImpl::EnableEncryptEverythingImpl( |
| 1577 syncable::BaseTransaction* const trans) { | 1590 syncable::BaseTransaction* const trans) { |
| 1578 ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types; | 1591 ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types; |
| 1579 if (encrypt_everything_) { | 1592 if (encrypt_everything_) { |
| 1580 DCHECK_EQ(EncryptableUserTypes(), *encrypted_types); | 1593 DCHECK_EQ(EncryptableUserTypes(), *encrypted_types); |
| 1581 return; | 1594 return; |
| 1582 } | 1595 } |
| 1583 encrypt_everything_ = true; | 1596 encrypt_everything_ = true; |
| 1584 *encrypted_types = EncryptableUserTypes(); | 1597 *encrypted_types = EncryptableUserTypes(); |
| 1585 FOR_EACH_OBSERVER( | 1598 for (auto& observer : observers_) { |
| 1586 Observer, observers_, | 1599 observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_); |
| 1587 OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_)); | 1600 } |
| 1588 } | 1601 } |
| 1589 | 1602 |
| 1590 bool SyncEncryptionHandlerImpl::DecryptPendingKeysWithKeystoreKey( | 1603 bool SyncEncryptionHandlerImpl::DecryptPendingKeysWithKeystoreKey( |
| 1591 const sync_pb::EncryptedData& keystore_decryptor_token, | 1604 const sync_pb::EncryptedData& keystore_decryptor_token, |
| 1592 Cryptographer* cryptographer) { | 1605 Cryptographer* cryptographer) { |
| 1593 DCHECK(cryptographer->has_pending_keys()); | 1606 DCHECK(cryptographer->has_pending_keys()); |
| 1594 if (keystore_decryptor_token.blob().empty()) | 1607 if (keystore_decryptor_token.blob().empty()) |
| 1595 return false; | 1608 return false; |
| 1596 Cryptographer temp_cryptographer(cryptographer->encryptor()); | 1609 Cryptographer temp_cryptographer(cryptographer->encryptor()); |
| 1597 | 1610 |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1637 } else { | 1650 } else { |
| 1638 // Theoretically the encryption keybag should already contain the keystore | 1651 // Theoretically the encryption keybag should already contain the keystore |
| 1639 // key. We explicitly add it as a safety measure. | 1652 // key. We explicitly add it as a safety measure. |
| 1640 DVLOG(1) << "Pending keys based on newest keystore key."; | 1653 DVLOG(1) << "Pending keys based on newest keystore key."; |
| 1641 cryptographer->AddNonDefaultKey(keystore_params); | 1654 cryptographer->AddNonDefaultKey(keystore_params); |
| 1642 } | 1655 } |
| 1643 if (cryptographer->is_ready()) { | 1656 if (cryptographer->is_ready()) { |
| 1644 std::string bootstrap_token; | 1657 std::string bootstrap_token; |
| 1645 cryptographer->GetBootstrapToken(&bootstrap_token); | 1658 cryptographer->GetBootstrapToken(&bootstrap_token); |
| 1646 DVLOG(1) << "Keystore decryptor token decrypted pending keys."; | 1659 DVLOG(1) << "Keystore decryptor token decrypted pending keys."; |
| 1647 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1660 // Note: These are separate loops to match previous functionality and not |
| 1648 OnPassphraseAccepted()); | 1661 // out of explicit knowledge that they must be. |
| 1649 FOR_EACH_OBSERVER( | 1662 for (auto& observer : observers_) { |
| 1650 SyncEncryptionHandler::Observer, observers_, | 1663 observer.OnPassphraseAccepted(); |
| 1651 OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1664 } |
| 1652 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1665 for (auto& observer : observers_) { |
| 1653 OnCryptographerStateChanged(cryptographer)); | 1666 observer.OnBootstrapTokenUpdated(bootstrap_token, |
| 1667 PASSPHRASE_BOOTSTRAP_TOKEN); |
| 1668 } |
| 1669 for (auto& observer : observers_) { |
| 1670 observer.OnCryptographerStateChanged(cryptographer); |
| 1671 } |
| 1654 return true; | 1672 return true; |
| 1655 } | 1673 } |
| 1656 } | 1674 } |
| 1657 return false; | 1675 return false; |
| 1658 } | 1676 } |
| 1659 | 1677 |
| 1660 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime( | 1678 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime( |
| 1661 PassphraseType passphrase_type) const { | 1679 PassphraseType passphrase_type) const { |
| 1662 if (passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) | 1680 if (passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) |
| 1663 return migration_time(); | 1681 return migration_time(); |
| 1664 else if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE) | 1682 else if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE) |
| 1665 return custom_passphrase_time(); | 1683 return custom_passphrase_time(); |
| 1666 return base::Time(); | 1684 return base::Time(); |
| 1667 } | 1685 } |
| 1668 | 1686 |
| 1669 } // namespace syncer | 1687 } // namespace syncer |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2413313004:
[Sync] Move the last things out of core/. (Closed)
