OLD | NEW |
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/sync/core_impl/sync_encryption_handler_impl.h" | 5 #include "components/sync/engine_impl/sync_encryption_handler_impl.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
11 #include <queue> | 11 #include <queue> |
12 | 12 |
13 #include "base/base64.h" | 13 #include "base/base64.h" |
14 #include "base/bind.h" | 14 #include "base/bind.h" |
15 #include "base/json/json_string_value_serializer.h" | 15 #include "base/json/json_string_value_serializer.h" |
(...skipping 273 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
289 } else { | 289 } else { |
290 // If the above conditions have been met and the nigori node is still not | 290 // If the above conditions have been met and the nigori node is still not |
291 // migrated, something failed in the migration process. | 291 // migrated, something failed in the migration process. |
292 UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", | 292 UMA_HISTOGRAM_ENUMERATION("Sync.NigoriMigrationState", |
293 NOT_MIGRATED_UNKNOWN_REASON, | 293 NOT_MIGRATED_UNKNOWN_REASON, |
294 MIGRATION_STATE_SIZE); | 294 MIGRATION_STATE_SIZE); |
295 } | 295 } |
296 | 296 |
297 // Always trigger an encrypted types and cryptographer state change event at | 297 // Always trigger an encrypted types and cryptographer state change event at |
298 // init time so observers get the initial values. | 298 // init time so observers get the initial values. |
299 FOR_EACH_OBSERVER(Observer, observers_, | 299 for (auto& observer : observers_) { |
300 OnEncryptedTypesChanged( | 300 observer.OnEncryptedTypesChanged( |
301 UnlockVault(trans.GetWrappedTrans()).encrypted_types, | 301 UnlockVault(trans.GetWrappedTrans()).encrypted_types, |
302 encrypt_everything_)); | 302 encrypt_everything_); |
303 FOR_EACH_OBSERVER( | 303 } |
304 SyncEncryptionHandler::Observer, observers_, | 304 for (auto& observer : observers_) { |
305 OnCryptographerStateChanged( | 305 observer.OnCryptographerStateChanged( |
306 &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer)); | 306 &UnlockVaultMutable(trans.GetWrappedTrans())->cryptographer); |
| 307 } |
307 | 308 |
308 // If the cryptographer is not ready (either it has pending keys or we | 309 // If the cryptographer is not ready (either it has pending keys or we |
309 // failed to initialize it), we don't want to try and re-encrypt the data. | 310 // failed to initialize it), we don't want to try and re-encrypt the data. |
310 // If we had encrypted types, the DataTypeManager will block, preventing | 311 // If we had encrypted types, the DataTypeManager will block, preventing |
311 // sync from happening until the the passphrase is provided. | 312 // sync from happening until the the passphrase is provided. |
312 if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready()) | 313 if (UnlockVault(trans.GetWrappedTrans()).cryptographer.is_ready()) |
313 ReEncryptEverything(&trans); | 314 ReEncryptEverything(&trans); |
314 } | 315 } |
315 | 316 |
316 void SyncEncryptionHandlerImpl::SetEncryptionPassphrase( | 317 void SyncEncryptionHandlerImpl::SetEncryptionPassphrase( |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
387 if (!IsExplicitPassphrase(*passphrase_type)) { | 388 if (!IsExplicitPassphrase(*passphrase_type)) { |
388 if (!cryptographer->has_pending_keys()) { | 389 if (!cryptographer->has_pending_keys()) { |
389 if (cryptographer->AddKey(key_params)) { | 390 if (cryptographer->AddKey(key_params)) { |
390 // Case 1 and 2. We set a new GAIA passphrase when there are no pending | 391 // Case 1 and 2. We set a new GAIA passphrase when there are no pending |
391 // keys (1), or overwriting an implicit passphrase with a new explicit | 392 // keys (1), or overwriting an implicit passphrase with a new explicit |
392 // one (2) when there are no pending keys. | 393 // one (2) when there are no pending keys. |
393 if (is_explicit) { | 394 if (is_explicit) { |
394 DVLOG(1) << "Setting explicit passphrase for encryption."; | 395 DVLOG(1) << "Setting explicit passphrase for encryption."; |
395 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; | 396 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
396 custom_passphrase_time_ = base::Time::Now(); | 397 custom_passphrase_time_ = base::Time::Now(); |
397 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 398 for (auto& observer : observers_) { |
398 OnPassphraseTypeChanged( | 399 observer.OnPassphraseTypeChanged( |
399 *passphrase_type, | 400 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
400 GetExplicitPassphraseTime(*passphrase_type))); | 401 } |
401 } else { | 402 } else { |
402 DVLOG(1) << "Setting implicit passphrase for encryption."; | 403 DVLOG(1) << "Setting implicit passphrase for encryption."; |
403 } | 404 } |
404 cryptographer->GetBootstrapToken(&bootstrap_token); | 405 cryptographer->GetBootstrapToken(&bootstrap_token); |
405 | 406 |
406 // With M26, sync accounts can be in only one of two encryption states: | 407 // With M26, sync accounts can be in only one of two encryption states: |
407 // 1) Encrypt only passwords with an implicit passphrase. | 408 // 1) Encrypt only passwords with an implicit passphrase. |
408 // 2) Encrypt all sync datatypes with an explicit passphrase. | 409 // 2) Encrypt all sync datatypes with an explicit passphrase. |
409 // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms, | 410 // We deprecate the "EncryptAllData" and "CustomPassphrase" histograms, |
410 // and keep track of an account's encryption state via the | 411 // and keep track of an account's encryption state via the |
(...skipping 226 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
637 const sync_pb::NigoriSpecifics& nigori, | 638 const sync_pb::NigoriSpecifics& nigori, |
638 syncable::BaseTransaction* const trans) { | 639 syncable::BaseTransaction* const trans) { |
639 DCHECK(thread_checker_.CalledOnValidThread()); | 640 DCHECK(thread_checker_.CalledOnValidThread()); |
640 DCHECK(trans); | 641 DCHECK(trans); |
641 if (!ApplyNigoriUpdateImpl(nigori, trans)) { | 642 if (!ApplyNigoriUpdateImpl(nigori, trans)) { |
642 base::ThreadTaskRunnerHandle::Get()->PostTask( | 643 base::ThreadTaskRunnerHandle::Get()->PostTask( |
643 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, | 644 FROM_HERE, base::Bind(&SyncEncryptionHandlerImpl::RewriteNigori, |
644 weak_ptr_factory_.GetWeakPtr())); | 645 weak_ptr_factory_.GetWeakPtr())); |
645 } | 646 } |
646 | 647 |
647 FOR_EACH_OBSERVER( | 648 for (auto& observer : observers_) { |
648 SyncEncryptionHandler::Observer, observers_, | 649 observer.OnCryptographerStateChanged( |
649 OnCryptographerStateChanged(&UnlockVaultMutable(trans)->cryptographer)); | 650 &UnlockVaultMutable(trans)->cryptographer); |
| 651 } |
650 } | 652 } |
651 | 653 |
652 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes( | 654 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes( |
653 sync_pb::NigoriSpecifics* nigori, | 655 sync_pb::NigoriSpecifics* nigori, |
654 syncable::BaseTransaction* const trans) const { | 656 syncable::BaseTransaction* const trans) const { |
655 DCHECK(thread_checker_.CalledOnValidThread()); | 657 DCHECK(thread_checker_.CalledOnValidThread()); |
656 syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types, | 658 syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types, |
657 encrypt_everything_, nigori); | 659 encrypt_everything_, nigori); |
658 } | 660 } |
659 | 661 |
(...skipping 26 matching lines...) Expand all Loading... |
686 base::Base64Encode(keys.Get(i), &old_keystore_keys_[i]); | 688 base::Base64Encode(keys.Get(i), &old_keystore_keys_[i]); |
687 | 689 |
688 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; | 690 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; |
689 | 691 |
690 // Update the bootstrap token. If this fails, we persist an empty string, | 692 // Update the bootstrap token. If this fails, we persist an empty string, |
691 // which will force us to download the keystore keys again on the next | 693 // which will force us to download the keystore keys again on the next |
692 // restart. | 694 // restart. |
693 std::string keystore_bootstrap = PackKeystoreBootstrapToken( | 695 std::string keystore_bootstrap = PackKeystoreBootstrapToken( |
694 old_keystore_keys_, keystore_key_, cryptographer->encryptor()); | 696 old_keystore_keys_, keystore_key_, cryptographer->encryptor()); |
695 | 697 |
696 FOR_EACH_OBSERVER( | 698 for (auto& observer : observers_) { |
697 SyncEncryptionHandler::Observer, observers_, | 699 observer.OnBootstrapTokenUpdated(keystore_bootstrap, |
698 OnBootstrapTokenUpdated(keystore_bootstrap, KEYSTORE_BOOTSTRAP_TOKEN)); | 700 KEYSTORE_BOOTSTRAP_TOKEN); |
| 701 } |
699 DVLOG(1) << "Keystore bootstrap token updated."; | 702 DVLOG(1) << "Keystore bootstrap token updated."; |
700 | 703 |
701 // If this is a first time sync, we get the encryption keys before we process | 704 // If this is a first time sync, we get the encryption keys before we process |
702 // the nigori node. Just return for now, ApplyNigoriUpdate will be invoked | 705 // the nigori node. Just return for now, ApplyNigoriUpdate will be invoked |
703 // once we have the nigori node. | 706 // once we have the nigori node. |
704 syncable::Entry entry(trans, syncable::GET_TYPE_ROOT, NIGORI); | 707 syncable::Entry entry(trans, syncable::GET_TYPE_ROOT, NIGORI); |
705 if (!entry.good()) | 708 if (!entry.good()) |
706 return true; | 709 return true; |
707 | 710 |
708 const sync_pb::NigoriSpecifics& nigori = entry.GetSpecifics().nigori(); | 711 const sync_pb::NigoriSpecifics& nigori = entry.GetSpecifics().nigori(); |
(...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
847 if (child.InitByIdLookup(child_id) != BaseNode::INIT_OK) | 850 if (child.InitByIdLookup(child_id) != BaseNode::INIT_OK) |
848 break; // Possible if we failed to decrypt the data for some reason. | 851 break; // Possible if we failed to decrypt the data for some reason. |
849 child.SetPasswordSpecifics(child.GetPasswordSpecifics()); | 852 child.SetPasswordSpecifics(child.GetPasswordSpecifics()); |
850 child_id = child.GetSuccessorId(); | 853 child_id = child.GetSuccessorId(); |
851 } | 854 } |
852 } | 855 } |
853 | 856 |
854 DVLOG(1) << "Re-encrypt everything complete."; | 857 DVLOG(1) << "Re-encrypt everything complete."; |
855 | 858 |
856 // NOTE: We notify from within a transaction. | 859 // NOTE: We notify from within a transaction. |
857 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 860 for (auto& observer : observers_) { |
858 OnEncryptionComplete()); | 861 observer.OnEncryptionComplete(); |
| 862 } |
859 } | 863 } |
860 | 864 |
861 bool SyncEncryptionHandlerImpl::ApplyNigoriUpdateImpl( | 865 bool SyncEncryptionHandlerImpl::ApplyNigoriUpdateImpl( |
862 const sync_pb::NigoriSpecifics& nigori, | 866 const sync_pb::NigoriSpecifics& nigori, |
863 syncable::BaseTransaction* const trans) { | 867 syncable::BaseTransaction* const trans) { |
864 DCHECK(thread_checker_.CalledOnValidThread()); | 868 DCHECK(thread_checker_.CalledOnValidThread()); |
865 DVLOG(1) << "Applying nigori node update."; | 869 DVLOG(1) << "Applying nigori node update."; |
866 bool nigori_types_need_update = | 870 bool nigori_types_need_update = |
867 !UpdateEncryptedTypesFromNigori(nigori, trans); | 871 !UpdateEncryptedTypesFromNigori(nigori, trans); |
868 | 872 |
(...skipping 16 matching lines...) Expand all Loading... |
885 // but we let it through here as well in case future versions do add support | 889 // but we let it through here as well in case future versions do add support |
886 // for this transition. | 890 // for this transition. |
887 if (*passphrase_type != nigori_passphrase_type && | 891 if (*passphrase_type != nigori_passphrase_type && |
888 nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE && | 892 nigori_passphrase_type != PassphraseType::IMPLICIT_PASSPHRASE && |
889 (*passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE || | 893 (*passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE || |
890 nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) { | 894 nigori_passphrase_type == PassphraseType::CUSTOM_PASSPHRASE)) { |
891 DVLOG(1) << "Changing passphrase state from " | 895 DVLOG(1) << "Changing passphrase state from " |
892 << PassphraseTypeToString(*passphrase_type) << " to " | 896 << PassphraseTypeToString(*passphrase_type) << " to " |
893 << PassphraseTypeToString(nigori_passphrase_type); | 897 << PassphraseTypeToString(nigori_passphrase_type); |
894 *passphrase_type = nigori_passphrase_type; | 898 *passphrase_type = nigori_passphrase_type; |
895 FOR_EACH_OBSERVER( | 899 for (auto& observer : observers_) { |
896 SyncEncryptionHandler::Observer, observers_, | 900 observer.OnPassphraseTypeChanged( |
897 OnPassphraseTypeChanged(*passphrase_type, | 901 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
898 GetExplicitPassphraseTime(*passphrase_type))); | 902 } |
899 } | 903 } |
900 if (*passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE && | 904 if (*passphrase_type == PassphraseType::KEYSTORE_PASSPHRASE && |
901 encrypt_everything_) { | 905 encrypt_everything_) { |
902 // This is the case where another client that didn't support keystore | 906 // This is the case where another client that didn't support keystore |
903 // encryption attempted to enable full encryption. We detect it | 907 // encryption attempted to enable full encryption. We detect it |
904 // and switch the passphrase type to frozen implicit passphrase instead | 908 // and switch the passphrase type to frozen implicit passphrase instead |
905 // due to full encryption not being compatible with keystore passphrase. | 909 // due to full encryption not being compatible with keystore passphrase. |
906 // Because the local passphrase type will not match the nigori passphrase | 910 // Because the local passphrase type will not match the nigori passphrase |
907 // type, we will trigger a rewrite and subsequently a re-migration. | 911 // type, we will trigger a rewrite and subsequently a re-migration. |
908 DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE " | 912 DVLOG(1) << "Changing passphrase state to FROZEN_IMPLICIT_PASSPHRASE " |
909 << "due to full encryption."; | 913 << "due to full encryption."; |
910 *passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; | 914 *passphrase_type = PassphraseType::FROZEN_IMPLICIT_PASSPHRASE; |
911 FOR_EACH_OBSERVER( | 915 for (auto& observer : observers_) { |
912 SyncEncryptionHandler::Observer, observers_, | 916 observer.OnPassphraseTypeChanged( |
913 OnPassphraseTypeChanged(*passphrase_type, | 917 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
914 GetExplicitPassphraseTime(*passphrase_type))); | 918 } |
915 } | 919 } |
916 } else { | 920 } else { |
917 // It's possible that while we're waiting for migration a client that does | 921 // It's possible that while we're waiting for migration a client that does |
918 // not have keystore encryption enabled switches to a custom passphrase. | 922 // not have keystore encryption enabled switches to a custom passphrase. |
919 if (nigori.keybag_is_frozen() && | 923 if (nigori.keybag_is_frozen() && |
920 *passphrase_type != PassphraseType::CUSTOM_PASSPHRASE) { | 924 *passphrase_type != PassphraseType::CUSTOM_PASSPHRASE) { |
921 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; | 925 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
922 FOR_EACH_OBSERVER( | 926 for (auto& observer : observers_) { |
923 SyncEncryptionHandler::Observer, observers_, | 927 observer.OnPassphraseTypeChanged( |
924 OnPassphraseTypeChanged(*passphrase_type, | 928 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
925 GetExplicitPassphraseTime(*passphrase_type))); | 929 } |
926 } | 930 } |
927 } | 931 } |
928 | 932 |
929 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; | 933 Cryptographer* cryptographer = &UnlockVaultMutable(trans)->cryptographer; |
930 bool nigori_needs_new_keys = false; | 934 bool nigori_needs_new_keys = false; |
931 if (!nigori.encryption_keybag().blob().empty()) { | 935 if (!nigori.encryption_keybag().blob().empty()) { |
932 // We only update the default key if this was a new explicit passphrase. | 936 // We only update the default key if this was a new explicit passphrase. |
933 // Else, since it was decryptable, it must not have been a new key. | 937 // Else, since it was decryptable, it must not have been a new key. |
934 bool need_new_default_key = false; | 938 bool need_new_default_key = false; |
935 if (is_nigori_migrated) { | 939 if (is_nigori_migrated) { |
(...skipping 30 matching lines...) Expand all Loading... |
966 // local encryption keys into it. | 970 // local encryption keys into it. |
967 LOG(WARNING) << "Nigori had empty encryption keybag."; | 971 LOG(WARNING) << "Nigori had empty encryption keybag."; |
968 nigori_needs_new_keys = true; | 972 nigori_needs_new_keys = true; |
969 } | 973 } |
970 | 974 |
971 // If we've completed a sync cycle and the cryptographer isn't ready | 975 // If we've completed a sync cycle and the cryptographer isn't ready |
972 // yet or has pending keys, prompt the user for a passphrase. | 976 // yet or has pending keys, prompt the user for a passphrase. |
973 if (cryptographer->has_pending_keys()) { | 977 if (cryptographer->has_pending_keys()) { |
974 DVLOG(1) << "OnPassphraseRequired Sent"; | 978 DVLOG(1) << "OnPassphraseRequired Sent"; |
975 sync_pb::EncryptedData pending_keys = cryptographer->GetPendingKeys(); | 979 sync_pb::EncryptedData pending_keys = cryptographer->GetPendingKeys(); |
976 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 980 for (auto& observer : observers_) { |
977 OnPassphraseRequired(REASON_DECRYPTION, pending_keys)); | 981 observer.OnPassphraseRequired(REASON_DECRYPTION, pending_keys); |
| 982 } |
978 } else if (!cryptographer->is_ready()) { | 983 } else if (!cryptographer->is_ready()) { |
979 DVLOG(1) << "OnPassphraseRequired sent because cryptographer is not " | 984 DVLOG(1) << "OnPassphraseRequired sent because cryptographer is not " |
980 << "ready"; | 985 << "ready"; |
981 FOR_EACH_OBSERVER( | 986 for (auto& observer : observers_) { |
982 SyncEncryptionHandler::Observer, observers_, | 987 observer.OnPassphraseRequired(REASON_ENCRYPTION, |
983 OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData())); | 988 sync_pb::EncryptedData()); |
| 989 } |
984 } | 990 } |
985 | 991 |
986 // Check if the current local encryption state is stricter/newer than the | 992 // Check if the current local encryption state is stricter/newer than the |
987 // nigori state. If so, we need to overwrite the nigori node with the local | 993 // nigori state. If so, we need to overwrite the nigori node with the local |
988 // state. | 994 // state. |
989 bool passphrase_type_matches = true; | 995 bool passphrase_type_matches = true; |
990 if (!is_nigori_migrated) { | 996 if (!is_nigori_migrated) { |
991 DCHECK(*passphrase_type == PassphraseType::CUSTOM_PASSPHRASE || | 997 DCHECK(*passphrase_type == PassphraseType::CUSTOM_PASSPHRASE || |
992 *passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE); | 998 *passphrase_type == PassphraseType::IMPLICIT_PASSPHRASE); |
993 passphrase_type_matches = | 999 passphrase_type_matches = |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1083 nigori_encrypted_types.PutAll(SensitiveTypes()); | 1089 nigori_encrypted_types.PutAll(SensitiveTypes()); |
1084 | 1090 |
1085 // If anything more than the sensitive types were encrypted, and | 1091 // If anything more than the sensitive types were encrypted, and |
1086 // encrypt_everything is not explicitly set to false, we assume it means | 1092 // encrypt_everything is not explicitly set to false, we assume it means |
1087 // a client intended to enable encrypt everything. | 1093 // a client intended to enable encrypt everything. |
1088 if (!nigori.has_encrypt_everything() && | 1094 if (!nigori.has_encrypt_everything() && |
1089 !Difference(nigori_encrypted_types, SensitiveTypes()).Empty()) { | 1095 !Difference(nigori_encrypted_types, SensitiveTypes()).Empty()) { |
1090 if (!encrypt_everything_) { | 1096 if (!encrypt_everything_) { |
1091 encrypt_everything_ = true; | 1097 encrypt_everything_ = true; |
1092 *encrypted_types = EncryptableUserTypes(); | 1098 *encrypted_types = EncryptableUserTypes(); |
1093 FOR_EACH_OBSERVER( | 1099 for (auto& observer : observers_) { |
1094 Observer, observers_, | 1100 observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_); |
1095 OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_)); | 1101 } |
1096 } | 1102 } |
1097 DCHECK(*encrypted_types == EncryptableUserTypes()); | 1103 DCHECK(*encrypted_types == EncryptableUserTypes()); |
1098 return false; | 1104 return false; |
1099 } | 1105 } |
1100 | 1106 |
1101 MergeEncryptedTypes(nigori_encrypted_types, trans); | 1107 MergeEncryptedTypes(nigori_encrypted_types, trans); |
1102 return *encrypted_types == nigori_encrypted_types; | 1108 return *encrypted_types == nigori_encrypted_types; |
1103 } | 1109 } |
1104 | 1110 |
1105 void SyncEncryptionHandlerImpl::SetCustomPassphrase( | 1111 void SyncEncryptionHandlerImpl::SetCustomPassphrase( |
(...skipping 30 matching lines...) Expand all Loading... |
1136 NOTREACHED() << "Failed to add key to cryptographer."; | 1142 NOTREACHED() << "Failed to add key to cryptographer."; |
1137 return; | 1143 return; |
1138 } | 1144 } |
1139 | 1145 |
1140 DVLOG(1) << "Setting custom passphrase."; | 1146 DVLOG(1) << "Setting custom passphrase."; |
1141 cryptographer->GetBootstrapToken(&bootstrap_token); | 1147 cryptographer->GetBootstrapToken(&bootstrap_token); |
1142 PassphraseType* passphrase_type = | 1148 PassphraseType* passphrase_type = |
1143 &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type; | 1149 &UnlockVaultMutable(trans->GetWrappedTrans())->passphrase_type; |
1144 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; | 1150 *passphrase_type = PassphraseType::CUSTOM_PASSPHRASE; |
1145 custom_passphrase_time_ = base::Time::Now(); | 1151 custom_passphrase_time_ = base::Time::Now(); |
1146 FOR_EACH_OBSERVER( | 1152 for (auto& observer : observers_) { |
1147 SyncEncryptionHandler::Observer, observers_, | 1153 observer.OnPassphraseTypeChanged( |
1148 OnPassphraseTypeChanged(*passphrase_type, | 1154 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
1149 GetExplicitPassphraseTime(*passphrase_type))); | 1155 } |
1150 FinishSetPassphrase(true, bootstrap_token, trans, nigori_node); | 1156 FinishSetPassphrase(true, bootstrap_token, trans, nigori_node); |
1151 } | 1157 } |
1152 | 1158 |
1153 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase( | 1159 void SyncEncryptionHandlerImpl::NotifyObserversOfLocalCustomPassphrase( |
1154 WriteTransaction* trans) { | 1160 WriteTransaction* trans) { |
1155 WriteNode nigori_node(trans); | 1161 WriteNode nigori_node(trans); |
1156 BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI); | 1162 BaseNode::InitByLookupResult init_result = nigori_node.InitTypeRoot(NIGORI); |
1157 DCHECK_EQ(init_result, BaseNode::INIT_OK); | 1163 DCHECK_EQ(init_result, BaseNode::INIT_OK); |
1158 NigoriState nigori_state; | 1164 NigoriState nigori_state; |
1159 nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics(); | 1165 nigori_state.nigori_specifics = nigori_node.GetNigoriSpecifics(); |
1160 DCHECK(nigori_state.nigori_specifics.passphrase_type() == | 1166 DCHECK(nigori_state.nigori_specifics.passphrase_type() == |
1161 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE || | 1167 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE || |
1162 nigori_state.nigori_specifics.passphrase_type() == | 1168 nigori_state.nigori_specifics.passphrase_type() == |
1163 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); | 1169 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); |
1164 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1170 for (auto& observer : observers_) { |
1165 OnLocalSetPassphraseEncryption(nigori_state)); | 1171 observer.OnLocalSetPassphraseEncryption(nigori_state); |
| 1172 } |
1166 } | 1173 } |
1167 | 1174 |
1168 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase( | 1175 void SyncEncryptionHandlerImpl::DecryptPendingKeysWithExplicitPassphrase( |
1169 const std::string& passphrase, | 1176 const std::string& passphrase, |
1170 WriteTransaction* trans, | 1177 WriteTransaction* trans, |
1171 WriteNode* nigori_node) { | 1178 WriteNode* nigori_node) { |
1172 DCHECK(thread_checker_.CalledOnValidThread()); | 1179 DCHECK(thread_checker_.CalledOnValidThread()); |
1173 DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); | 1180 DCHECK(IsExplicitPassphrase(GetPassphraseType(trans->GetWrappedTrans()))); |
1174 KeyParams key_params = {"localhost", "dummy", passphrase}; | 1181 KeyParams key_params = {"localhost", "dummy", passphrase}; |
1175 | 1182 |
(...skipping 27 matching lines...) Expand all Loading... |
1203 } | 1210 } |
1204 FinishSetPassphrase(success, bootstrap_token, trans, nigori_node); | 1211 FinishSetPassphrase(success, bootstrap_token, trans, nigori_node); |
1205 } | 1212 } |
1206 | 1213 |
1207 void SyncEncryptionHandlerImpl::FinishSetPassphrase( | 1214 void SyncEncryptionHandlerImpl::FinishSetPassphrase( |
1208 bool success, | 1215 bool success, |
1209 const std::string& bootstrap_token, | 1216 const std::string& bootstrap_token, |
1210 WriteTransaction* trans, | 1217 WriteTransaction* trans, |
1211 WriteNode* nigori_node) { | 1218 WriteNode* nigori_node) { |
1212 DCHECK(thread_checker_.CalledOnValidThread()); | 1219 DCHECK(thread_checker_.CalledOnValidThread()); |
1213 FOR_EACH_OBSERVER( | 1220 for (auto& observer : observers_) { |
1214 SyncEncryptionHandler::Observer, observers_, | 1221 observer.OnCryptographerStateChanged( |
1215 OnCryptographerStateChanged( | 1222 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer); |
1216 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer)); | 1223 } |
1217 | 1224 |
1218 // It's possible we need to change the bootstrap token even if we failed to | 1225 // It's possible we need to change the bootstrap token even if we failed to |
1219 // set the passphrase (for example if we need to preserve the new GAIA | 1226 // set the passphrase (for example if we need to preserve the new GAIA |
1220 // passphrase). | 1227 // passphrase). |
1221 if (!bootstrap_token.empty()) { | 1228 if (!bootstrap_token.empty()) { |
1222 DVLOG(1) << "Passphrase bootstrap token updated."; | 1229 DVLOG(1) << "Passphrase bootstrap token updated."; |
1223 FOR_EACH_OBSERVER( | 1230 for (auto& observer : observers_) { |
1224 SyncEncryptionHandler::Observer, observers_, | 1231 observer.OnBootstrapTokenUpdated(bootstrap_token, |
1225 OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1232 PASSPHRASE_BOOTSTRAP_TOKEN); |
| 1233 } |
1226 } | 1234 } |
1227 | 1235 |
1228 const Cryptographer& cryptographer = | 1236 const Cryptographer& cryptographer = |
1229 UnlockVault(trans->GetWrappedTrans()).cryptographer; | 1237 UnlockVault(trans->GetWrappedTrans()).cryptographer; |
1230 if (!success) { | 1238 if (!success) { |
1231 if (cryptographer.is_ready()) { | 1239 if (cryptographer.is_ready()) { |
1232 LOG(ERROR) << "Attempt to change passphrase failed while cryptographer " | 1240 LOG(ERROR) << "Attempt to change passphrase failed while cryptographer " |
1233 << "was ready."; | 1241 << "was ready."; |
1234 } else if (cryptographer.has_pending_keys()) { | 1242 } else if (cryptographer.has_pending_keys()) { |
1235 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1243 for (auto& observer : observers_) { |
1236 OnPassphraseRequired(REASON_DECRYPTION, | 1244 observer.OnPassphraseRequired(REASON_DECRYPTION, |
1237 cryptographer.GetPendingKeys())); | 1245 cryptographer.GetPendingKeys()); |
| 1246 } |
1238 } else { | 1247 } else { |
1239 FOR_EACH_OBSERVER( | 1248 for (auto& observer : observers_) { |
1240 SyncEncryptionHandler::Observer, observers_, | 1249 observer.OnPassphraseRequired(REASON_ENCRYPTION, |
1241 OnPassphraseRequired(REASON_ENCRYPTION, sync_pb::EncryptedData())); | 1250 sync_pb::EncryptedData()); |
| 1251 } |
1242 } | 1252 } |
1243 return; | 1253 return; |
1244 } | 1254 } |
1245 DCHECK(success); | 1255 DCHECK(success); |
1246 DCHECK(cryptographer.is_ready()); | 1256 DCHECK(cryptographer.is_ready()); |
1247 | 1257 |
1248 // Will do nothing if we're already properly migrated or unable to migrate | 1258 // Will do nothing if we're already properly migrated or unable to migrate |
1249 // (in otherwords, if ShouldTriggerMigration is false). | 1259 // (in otherwords, if ShouldTriggerMigration is false). |
1250 // Otherwise will update the nigori node with the current migrated state, | 1260 // Otherwise will update the nigori node with the current migrated state, |
1251 // writing all encryption state as it does. | 1261 // writing all encryption state as it does. |
(...skipping 15 matching lines...) Expand all Loading... |
1267 // If we set a new custom passphrase, store the timestamp. | 1277 // If we set a new custom passphrase, store the timestamp. |
1268 if (!custom_passphrase_time_.is_null()) { | 1278 if (!custom_passphrase_time_.is_null()) { |
1269 nigori.set_custom_passphrase_time( | 1279 nigori.set_custom_passphrase_time( |
1270 TimeToProtoTime(custom_passphrase_time_)); | 1280 TimeToProtoTime(custom_passphrase_time_)); |
1271 } | 1281 } |
1272 nigori_node->SetNigoriSpecifics(nigori); | 1282 nigori_node->SetNigoriSpecifics(nigori); |
1273 } | 1283 } |
1274 | 1284 |
1275 // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS | 1285 // Must do this after OnPassphraseTypeChanged, in order to ensure the PSS |
1276 // checks the passphrase state after it has been set. | 1286 // checks the passphrase state after it has been set. |
1277 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1287 for (auto& observer : observers_) { |
1278 OnPassphraseAccepted()); | 1288 observer.OnPassphraseAccepted(); |
| 1289 } |
1279 | 1290 |
1280 // Does nothing if everything is already encrypted. | 1291 // Does nothing if everything is already encrypted. |
1281 // TODO(zea): If we just migrated and enabled encryption, this will be | 1292 // TODO(zea): If we just migrated and enabled encryption, this will be |
1282 // redundant. Figure out a way to not do this unnecessarily. | 1293 // redundant. Figure out a way to not do this unnecessarily. |
1283 ReEncryptEverything(trans); | 1294 ReEncryptEverything(trans); |
1284 } | 1295 } |
1285 | 1296 |
1286 void SyncEncryptionHandlerImpl::MergeEncryptedTypes( | 1297 void SyncEncryptionHandlerImpl::MergeEncryptedTypes( |
1287 ModelTypeSet new_encrypted_types, | 1298 ModelTypeSet new_encrypted_types, |
1288 syncable::BaseTransaction* const trans) { | 1299 syncable::BaseTransaction* const trans) { |
1289 DCHECK(thread_checker_.CalledOnValidThread()); | 1300 DCHECK(thread_checker_.CalledOnValidThread()); |
1290 | 1301 |
1291 // Only UserTypes may be encrypted. | 1302 // Only UserTypes may be encrypted. |
1292 DCHECK(EncryptableUserTypes().HasAll(new_encrypted_types)); | 1303 DCHECK(EncryptableUserTypes().HasAll(new_encrypted_types)); |
1293 | 1304 |
1294 ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types; | 1305 ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types; |
1295 if (!encrypted_types->HasAll(new_encrypted_types)) { | 1306 if (!encrypted_types->HasAll(new_encrypted_types)) { |
1296 *encrypted_types = new_encrypted_types; | 1307 *encrypted_types = new_encrypted_types; |
1297 FOR_EACH_OBSERVER( | 1308 for (auto& observer : observers_) { |
1298 Observer, observers_, | 1309 observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_); |
1299 OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_)); | 1310 } |
1300 } | 1311 } |
1301 } | 1312 } |
1302 | 1313 |
1303 SyncEncryptionHandlerImpl::Vault* SyncEncryptionHandlerImpl::UnlockVaultMutable( | 1314 SyncEncryptionHandlerImpl::Vault* SyncEncryptionHandlerImpl::UnlockVaultMutable( |
1304 syncable::BaseTransaction* const trans) { | 1315 syncable::BaseTransaction* const trans) { |
1305 DCHECK_EQ(user_share_->directory.get(), trans->directory()); | 1316 DCHECK_EQ(user_share_->directory.get(), trans->directory()); |
1306 return &vault_unsafe_; | 1317 return &vault_unsafe_; |
1307 } | 1318 } |
1308 | 1319 |
1309 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( | 1320 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1420 DVLOG(1) << "Migrating keybag to keystore key."; | 1431 DVLOG(1) << "Migrating keybag to keystore key."; |
1421 bool cryptographer_was_ready = cryptographer->is_ready(); | 1432 bool cryptographer_was_ready = cryptographer->is_ready(); |
1422 if (!cryptographer->AddKey(key_params)) { | 1433 if (!cryptographer->AddKey(key_params)) { |
1423 LOG(ERROR) << "Failed to add keystore key as default key"; | 1434 LOG(ERROR) << "Failed to add keystore key as default key"; |
1424 UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration", | 1435 UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration", |
1425 FAILED_TO_SET_DEFAULT_KEYSTORE, | 1436 FAILED_TO_SET_DEFAULT_KEYSTORE, |
1426 MIGRATION_RESULT_SIZE); | 1437 MIGRATION_RESULT_SIZE); |
1427 return false; | 1438 return false; |
1428 } | 1439 } |
1429 if (!cryptographer_was_ready && cryptographer->is_ready()) { | 1440 if (!cryptographer_was_ready && cryptographer->is_ready()) { |
1430 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1441 for (auto& observer : observers_) { |
1431 OnPassphraseAccepted()); | 1442 observer.OnPassphraseAccepted(); |
| 1443 } |
1432 } | 1444 } |
1433 } else { | 1445 } else { |
1434 // We're in backwards compatible mode -- either the account has an | 1446 // We're in backwards compatible mode -- either the account has an |
1435 // explicit passphrase, or we want to preserve the current GAIA-based key | 1447 // explicit passphrase, or we want to preserve the current GAIA-based key |
1436 // as the default because we can (there have been no key rotations since | 1448 // as the default because we can (there have been no key rotations since |
1437 // the migration). | 1449 // the migration). |
1438 DVLOG(1) << "Migrating keybag while preserving old key"; | 1450 DVLOG(1) << "Migrating keybag while preserving old key"; |
1439 if (!cryptographer->AddNonDefaultKey(key_params)) { | 1451 if (!cryptographer->AddNonDefaultKey(key_params)) { |
1440 LOG(ERROR) << "Failed to add keystore key as non-default key."; | 1452 LOG(ERROR) << "Failed to add keystore key as non-default key."; |
1441 UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration", | 1453 UMA_HISTOGRAM_ENUMERATION("Sync.AttemptNigoriMigration", |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1475 | 1487 |
1476 if (migration_time_.is_null()) | 1488 if (migration_time_.is_null()) |
1477 migration_time_ = base::Time::Now(); | 1489 migration_time_ = base::Time::Now(); |
1478 migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_)); | 1490 migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_)); |
1479 | 1491 |
1480 if (!custom_passphrase_time_.is_null()) { | 1492 if (!custom_passphrase_time_.is_null()) { |
1481 migrated_nigori.set_custom_passphrase_time( | 1493 migrated_nigori.set_custom_passphrase_time( |
1482 TimeToProtoTime(custom_passphrase_time_)); | 1494 TimeToProtoTime(custom_passphrase_time_)); |
1483 } | 1495 } |
1484 | 1496 |
1485 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1497 for (auto& observer : observers_) { |
1486 OnCryptographerStateChanged(cryptographer)); | 1498 observer.OnCryptographerStateChanged(cryptographer); |
| 1499 } |
1487 if (*passphrase_type != new_passphrase_type) { | 1500 if (*passphrase_type != new_passphrase_type) { |
1488 *passphrase_type = new_passphrase_type; | 1501 *passphrase_type = new_passphrase_type; |
1489 FOR_EACH_OBSERVER( | 1502 for (auto& observer : observers_) { |
1490 SyncEncryptionHandler::Observer, observers_, | 1503 observer.OnPassphraseTypeChanged( |
1491 OnPassphraseTypeChanged(*passphrase_type, | 1504 *passphrase_type, GetExplicitPassphraseTime(*passphrase_type)); |
1492 GetExplicitPassphraseTime(*passphrase_type))); | 1505 } |
1493 } | 1506 } |
1494 | 1507 |
1495 if (new_encrypt_everything && !encrypt_everything_) { | 1508 if (new_encrypt_everything && !encrypt_everything_) { |
1496 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); | 1509 EnableEncryptEverythingImpl(trans->GetWrappedTrans()); |
1497 ReEncryptEverything(trans); | 1510 ReEncryptEverything(trans); |
1498 } else if (!cryptographer->CanDecryptUsingDefaultKey( | 1511 } else if (!cryptographer->CanDecryptUsingDefaultKey( |
1499 old_nigori.encryption_keybag())) { | 1512 old_nigori.encryption_keybag())) { |
1500 DVLOG(1) << "Rencrypting everything due to key rotation."; | 1513 DVLOG(1) << "Rencrypting everything due to key rotation."; |
1501 ReEncryptEverything(trans); | 1514 ReEncryptEverything(trans); |
1502 } | 1515 } |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1575 | 1588 |
1576 void SyncEncryptionHandlerImpl::EnableEncryptEverythingImpl( | 1589 void SyncEncryptionHandlerImpl::EnableEncryptEverythingImpl( |
1577 syncable::BaseTransaction* const trans) { | 1590 syncable::BaseTransaction* const trans) { |
1578 ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types; | 1591 ModelTypeSet* encrypted_types = &UnlockVaultMutable(trans)->encrypted_types; |
1579 if (encrypt_everything_) { | 1592 if (encrypt_everything_) { |
1580 DCHECK_EQ(EncryptableUserTypes(), *encrypted_types); | 1593 DCHECK_EQ(EncryptableUserTypes(), *encrypted_types); |
1581 return; | 1594 return; |
1582 } | 1595 } |
1583 encrypt_everything_ = true; | 1596 encrypt_everything_ = true; |
1584 *encrypted_types = EncryptableUserTypes(); | 1597 *encrypted_types = EncryptableUserTypes(); |
1585 FOR_EACH_OBSERVER( | 1598 for (auto& observer : observers_) { |
1586 Observer, observers_, | 1599 observer.OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_); |
1587 OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_)); | 1600 } |
1588 } | 1601 } |
1589 | 1602 |
1590 bool SyncEncryptionHandlerImpl::DecryptPendingKeysWithKeystoreKey( | 1603 bool SyncEncryptionHandlerImpl::DecryptPendingKeysWithKeystoreKey( |
1591 const sync_pb::EncryptedData& keystore_decryptor_token, | 1604 const sync_pb::EncryptedData& keystore_decryptor_token, |
1592 Cryptographer* cryptographer) { | 1605 Cryptographer* cryptographer) { |
1593 DCHECK(cryptographer->has_pending_keys()); | 1606 DCHECK(cryptographer->has_pending_keys()); |
1594 if (keystore_decryptor_token.blob().empty()) | 1607 if (keystore_decryptor_token.blob().empty()) |
1595 return false; | 1608 return false; |
1596 Cryptographer temp_cryptographer(cryptographer->encryptor()); | 1609 Cryptographer temp_cryptographer(cryptographer->encryptor()); |
1597 | 1610 |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1637 } else { | 1650 } else { |
1638 // Theoretically the encryption keybag should already contain the keystore | 1651 // Theoretically the encryption keybag should already contain the keystore |
1639 // key. We explicitly add it as a safety measure. | 1652 // key. We explicitly add it as a safety measure. |
1640 DVLOG(1) << "Pending keys based on newest keystore key."; | 1653 DVLOG(1) << "Pending keys based on newest keystore key."; |
1641 cryptographer->AddNonDefaultKey(keystore_params); | 1654 cryptographer->AddNonDefaultKey(keystore_params); |
1642 } | 1655 } |
1643 if (cryptographer->is_ready()) { | 1656 if (cryptographer->is_ready()) { |
1644 std::string bootstrap_token; | 1657 std::string bootstrap_token; |
1645 cryptographer->GetBootstrapToken(&bootstrap_token); | 1658 cryptographer->GetBootstrapToken(&bootstrap_token); |
1646 DVLOG(1) << "Keystore decryptor token decrypted pending keys."; | 1659 DVLOG(1) << "Keystore decryptor token decrypted pending keys."; |
1647 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1660 // Note: These are separate loops to match previous functionality and not |
1648 OnPassphraseAccepted()); | 1661 // out of explicit knowledge that they must be. |
1649 FOR_EACH_OBSERVER( | 1662 for (auto& observer : observers_) { |
1650 SyncEncryptionHandler::Observer, observers_, | 1663 observer.OnPassphraseAccepted(); |
1651 OnBootstrapTokenUpdated(bootstrap_token, PASSPHRASE_BOOTSTRAP_TOKEN)); | 1664 } |
1652 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 1665 for (auto& observer : observers_) { |
1653 OnCryptographerStateChanged(cryptographer)); | 1666 observer.OnBootstrapTokenUpdated(bootstrap_token, |
| 1667 PASSPHRASE_BOOTSTRAP_TOKEN); |
| 1668 } |
| 1669 for (auto& observer : observers_) { |
| 1670 observer.OnCryptographerStateChanged(cryptographer); |
| 1671 } |
1654 return true; | 1672 return true; |
1655 } | 1673 } |
1656 } | 1674 } |
1657 return false; | 1675 return false; |
1658 } | 1676 } |
1659 | 1677 |
1660 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime( | 1678 base::Time SyncEncryptionHandlerImpl::GetExplicitPassphraseTime( |
1661 PassphraseType passphrase_type) const { | 1679 PassphraseType passphrase_type) const { |
1662 if (passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) | 1680 if (passphrase_type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE) |
1663 return migration_time(); | 1681 return migration_time(); |
1664 else if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE) | 1682 else if (passphrase_type == PassphraseType::CUSTOM_PASSPHRASE) |
1665 return custom_passphrase_time(); | 1683 return custom_passphrase_time(); |
1666 return base::Time(); | 1684 return base::Time(); |
1667 } | 1685 } |
1668 | 1686 |
1669 } // namespace syncer | 1687 } // namespace syncer |
OLD | NEW |