| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ |
| 6 #define SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "sync/internal_api/public/base/model_type.h" |
| 11 |
| 12 namespace sync_pb { |
| 13 class EncryptedData; |
| 14 } |
| 15 |
| 16 namespace syncer { |
| 17 |
| 18 class Cryptographer; |
| 19 |
| 20 // Reasons due to which Cryptographer might require a passphrase. |
| 21 enum PassphraseRequiredReason { |
| 22 REASON_PASSPHRASE_NOT_REQUIRED = 0, // Initial value. |
| 23 REASON_ENCRYPTION = 1, // The cryptographer requires a |
| 24 // passphrase for its first attempt at |
| 25 // encryption. Happens only during |
| 26 // migration or upgrade. |
| 27 REASON_DECRYPTION = 2, // The cryptographer requires a |
| 28 // passphrase for its first attempt at |
| 29 // decryption. |
| 30 }; |
| 31 |
| 32 // Sync's encryption handler. Handles tracking encrypted types, ensuring the |
| 33 // cryptographer encrypts with the proper key and has the most recent keybag, |
| 34 // and keeps the nigori node up to date. |
| 35 class SyncEncryptionHandler { |
| 36 public: |
| 37 // All Observer methods are done synchronously from within a transaction and |
| 38 // on the sync thread. |
| 39 class Observer { |
| 40 public: |
| 41 Observer(); |
| 42 |
| 43 // Called when user interaction is required to obtain a valid passphrase. |
| 44 // - If the passphrase is required for encryption, |reason| will be |
| 45 // REASON_ENCRYPTION. |
| 46 // - If the passphrase is required for the decryption of data that has |
| 47 // already been encrypted, |reason| will be REASON_DECRYPTION. |
| 48 // - If the passphrase is required because decryption failed, and a new |
| 49 // passphrase is required, |reason| will be REASON_SET_PASSPHRASE_FAILED. |
| 50 // |
| 51 // |pending_keys| is a copy of the cryptographer's pending keys, that may be |
| 52 // cached by the frontend for subsequent use by the UI. |
| 53 virtual void OnPassphraseRequired( |
| 54 PassphraseRequiredReason reason, |
| 55 const sync_pb::EncryptedData& pending_keys) = 0; |
| 56 // Called when the passphrase provided by the user has been accepted and is |
| 57 // now used to encrypt sync data. |
| 58 |
| 59 virtual void OnPassphraseAccepted() = 0; |
| 60 // |bootstrap_token| is an opaque base64 encoded representation of the key |
| 61 // generated by the current passphrase, and is provided to the observer for |
| 62 // persistence purposes and use in a future initialization of sync (e.g. |
| 63 // after restart). The boostrap token will always be derived from the most |
| 64 // recent GAIA password (for accounts with implicit passphrases), even if |
| 65 // the data is still encrypted with an older GAIA password. For accounts |
| 66 // with explicit passphrases, it will be the most recently seen custom |
| 67 // passphrase. |
| 68 virtual void OnBootstrapTokenUpdated( |
| 69 const std::string& bootstrap_token) = 0; |
| 70 |
| 71 // Called when the set of encrypted types or the encrypt |
| 72 // everything flag has been changed. Note that encryption isn't |
| 73 // complete until the OnEncryptionComplete() notification has been |
| 74 // sent (see below). |
| 75 // |
| 76 // |encrypted_types| will always be a superset of |
| 77 // Cryptographer::SensitiveTypes(). If |encrypt_everything| is |
| 78 // true, |encrypted_types| will be the set of all known types. |
| 79 // |
| 80 // Until this function is called, observers can assume that the |
| 81 // set of encrypted types is Cryptographer::SensitiveTypes() and |
| 82 // that the encrypt everything flag is false. |
| 83 virtual void OnEncryptedTypesChanged( |
| 84 ModelTypeSet encrypted_types, |
| 85 bool encrypt_everything) = 0; |
| 86 |
| 87 // Called after we finish encrypting the current set of encrypted |
| 88 // types. |
| 89 virtual void OnEncryptionComplete() = 0; |
| 90 |
| 91 // The cryptographer has been updated. Listeners should check that their |
| 92 // own state matches the cryptographer. |
| 93 // Used primarily for debugging. |
| 94 virtual void OnCryptographerStateChanged(Cryptographer* cryptographer) = 0; |
| 95 |
| 96 protected: |
| 97 virtual ~Observer(); |
| 98 }; |
| 99 |
| 100 SyncEncryptionHandler(); |
| 101 virtual ~SyncEncryptionHandler(); |
| 102 |
| 103 // Add/Remove SyncEncryptionHandler::Observer's. |
| 104 // Must be called from sync thread. |
| 105 virtual void AddObserver(Observer* observer) = 0; |
| 106 virtual void RemoveObserver(Observer* observer) = 0; |
| 107 |
| 108 // Reads the nigori node, updates internal state as needed, and, if an |
| 109 // empty/stale nigori node is detected, overwrites the existing |
| 110 // nigori node. Upon completion, if the cryptographer is still ready |
| 111 // attempts to re-encrypt all sync data. |
| 112 // Note: This method is expensive (it iterates through all encrypted types), |
| 113 // so should only be used sparingly (e.g. on startup). |
| 114 virtual void Init() = 0; |
| 115 |
| 116 // Attempts to re-encrypt encrypted data types using the passphrase provided. |
| 117 // Notifies observers of the result of the operation via OnPassphraseAccepted |
| 118 // or OnPassphraseRequired, updates the nigori node, and does re-encryption as |
| 119 // appropriate. If an explicit password has been set previously, we drop |
| 120 // subsequent requests to set a passphrase. If the cryptographer has pending |
| 121 // keys, and a new implicit passphrase is provided, we try decrypting the |
| 122 // pending keys with it, and if that fails, we cache the passphrase for |
| 123 // re-encryption once the pending keys are decrypted. |
| 124 virtual void SetEncryptionPassphrase(const std::string& passphrase, |
| 125 bool is_explicit) = 0; |
| 126 |
| 127 // Provides a passphrase for decrypting the user's existing sync data. |
| 128 // Notifies observers of the result of the operation via OnPassphraseAccepted |
| 129 // or OnPassphraseRequired, updates the nigori node, and does re-encryption as |
| 130 // appropriate if there is a previously cached encryption passphrase. It is an |
| 131 // error to call this when we don't have pending keys. |
| 132 virtual void SetDecryptionPassphrase(const std::string& passphrase) = 0; |
| 133 |
| 134 // Enables encryption of all datatypes. |
| 135 virtual void EnableEncryptEverything() = 0; |
| 136 |
| 137 // Whether encryption of all datatypes is enabled. If false, only sensitive |
| 138 // types are encrypted. |
| 139 virtual bool EncryptEverythingEnabled() const = 0; |
| 140 |
| 141 // Whether the account requires a user-provided passphrase to decrypt |
| 142 // encrypted data. |
| 143 virtual bool IsUsingExplicitPassphrase() const = 0; |
| 144 |
| 145 // The set of types that are always encrypted. |
| 146 static ModelTypeSet SensitiveTypes(); |
| 147 }; |
| 148 |
| 149 } // namespace syncer |
| 150 |
| 151 #endif // SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10827266:
[Sync] Add SyncEncryptionHandler (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src