Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(279)

Side by Side Diff: sync/internal_api/sync_encryption_handler_impl.cc

Issue 10878015: [Sync] Move keystore key handling to SyncEncryptionHandlerImpl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase Created 8 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sync/internal_api/sync_encryption_handler_impl.h" 5 #include "sync/internal_api/sync_encryption_handler_impl.h"
6 6
7 #include <queue> 7 #include <queue>
8 #include <string> 8 #include <string>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
42 ModelTypeSet encrypted_types) 42 ModelTypeSet encrypted_types)
43 : cryptographer(encryptor), 43 : cryptographer(encryptor),
44 encrypted_types(encrypted_types) { 44 encrypted_types(encrypted_types) {
45 } 45 }
46 46
47 SyncEncryptionHandlerImpl::Vault::~Vault() { 47 SyncEncryptionHandlerImpl::Vault::~Vault() {
48 } 48 }
49 49
50 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl( 50 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl(
51 UserShare* user_share, 51 UserShare* user_share,
52 Encryptor* encryptor) 52 Encryptor* encryptor,
53 const std::string& restored_key_for_bootstrapping,
54 const std::string& restored_keystore_key_for_bootstrapping)
53 : weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)), 55 : weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
54 user_share_(user_share), 56 user_share_(user_share),
55 vault_unsafe_(encryptor, SensitiveTypes()), 57 vault_unsafe_(encryptor, SensitiveTypes()),
56 encrypt_everything_(false), 58 encrypt_everything_(false),
57 passphrase_state_(IMPLICIT_PASSPHRASE), 59 passphrase_state_(IMPLICIT_PASSPHRASE),
60 keystore_key_(restored_keystore_key_for_bootstrapping),
58 nigori_overwrite_count_(0) { 61 nigori_overwrite_count_(0) {
62 // We only bootstrap the user provided passphrase. The keystore key is handled
63 // at Init time once we're sure the nigori is downloaded.
64 vault_unsafe_.cryptographer.Bootstrap(restored_key_for_bootstrapping);
59 } 65 }
60 66
61 SyncEncryptionHandlerImpl::~SyncEncryptionHandlerImpl() {} 67 SyncEncryptionHandlerImpl::~SyncEncryptionHandlerImpl() {}
62 68
63 void SyncEncryptionHandlerImpl::AddObserver(Observer* observer) { 69 void SyncEncryptionHandlerImpl::AddObserver(Observer* observer) {
64 DCHECK(thread_checker_.CalledOnValidThread()); 70 DCHECK(thread_checker_.CalledOnValidThread());
65 DCHECK(!observers_.HasObserver(observer)); 71 DCHECK(!observers_.HasObserver(observer));
66 observers_.AddObserver(observer); 72 observers_.AddObserver(observer);
67 } 73 }
68 74
(...skipping 348 matching lines...) Expand 10 before | Expand all | Expand 10 after
417 } 423 }
418 424
419 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes( 425 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes(
420 sync_pb::NigoriSpecifics* nigori, 426 sync_pb::NigoriSpecifics* nigori,
421 syncable::BaseTransaction* const trans) const { 427 syncable::BaseTransaction* const trans) const {
422 syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types, 428 syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types,
423 encrypt_everything_, 429 encrypt_everything_,
424 nigori); 430 nigori);
425 } 431 }
426 432
433 bool SyncEncryptionHandlerImpl::NeedKeystoreKey(
434 syncable::BaseTransaction* const trans) const {
435 return keystore_key_.empty();
436 }
437
438 bool SyncEncryptionHandlerImpl::SetKeystoreKey(
439 const std::string& key,
440 syncable::BaseTransaction* const trans) {
441 if (!keystore_key_.empty() || key.empty())
442 return false;
443 keystore_key_ = key;
444
445 // TODO(zea): trigger migration if necessary.
446
447 DVLOG(1) << "Keystore bootstrap token updated.";
448 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
449 OnBootstrapTokenUpdated(key,
450 KEYSTORE_BOOTSTRAP_TOKEN));
451 return true;
452 }
453
427 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypes( 454 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypes(
428 syncable::BaseTransaction* const trans) const { 455 syncable::BaseTransaction* const trans) const {
429 return UnlockVault(trans).encrypted_types; 456 return UnlockVault(trans).encrypted_types;
430 } 457 }
431 458
432 Cryptographer* SyncEncryptionHandlerImpl::GetCryptographerUnsafe() { 459 Cryptographer* SyncEncryptionHandlerImpl::GetCryptographerUnsafe() {
433 DCHECK(thread_checker_.CalledOnValidThread()); 460 DCHECK(thread_checker_.CalledOnValidThread());
434 return &vault_unsafe_.cryptographer; 461 return &vault_unsafe_.cryptographer;
435 } 462 }
436 463
(...skipping 244 matching lines...) Expand 10 before | Expand all | Expand 10 after
681 observers_, 708 observers_,
682 OnCryptographerStateChanged( 709 OnCryptographerStateChanged(
683 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer)); 710 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer));
684 711
685 // It's possible we need to change the bootstrap token even if we failed to 712 // It's possible we need to change the bootstrap token even if we failed to
686 // set the passphrase (for example if we need to preserve the new GAIA 713 // set the passphrase (for example if we need to preserve the new GAIA
687 // passphrase). 714 // passphrase).
688 if (!bootstrap_token.empty()) { 715 if (!bootstrap_token.empty()) {
689 DVLOG(1) << "Passphrase bootstrap token updated."; 716 DVLOG(1) << "Passphrase bootstrap token updated.";
690 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, 717 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
691 OnBootstrapTokenUpdated(bootstrap_token)); 718 OnBootstrapTokenUpdated(bootstrap_token,
719 PASSPHRASE_BOOTSTRAP_TOKEN));
692 } 720 }
693 721
694 const Cryptographer& cryptographer = 722 const Cryptographer& cryptographer =
695 UnlockVault(trans->GetWrappedTrans()).cryptographer; 723 UnlockVault(trans->GetWrappedTrans()).cryptographer;
696 if (!success) { 724 if (!success) {
697 if (cryptographer.is_ready()) { 725 if (cryptographer.is_ready()) {
698 LOG(ERROR) << "Attempt to change passphrase failed while cryptographer " 726 LOG(ERROR) << "Attempt to change passphrase failed while cryptographer "
699 << "was ready."; 727 << "was ready.";
700 } else if (cryptographer.has_pending_keys()) { 728 } else if (cryptographer.has_pending_keys()) {
701 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, 729 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
702 OnPassphraseRequired(REASON_DECRYPTION, 730 OnPassphraseRequired(REASON_DECRYPTION,
703 cryptographer.GetPendingKeys())); 731 cryptographer.GetPendingKeys()));
704 } else { 732 } else {
705 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, 733 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
706 OnPassphraseRequired(REASON_ENCRYPTION, 734 OnPassphraseRequired(REASON_ENCRYPTION,
707 sync_pb::EncryptedData())); 735 sync_pb::EncryptedData()));
708 } 736 }
709 return; 737 return;
710 } 738 }
711 739
712 DCHECK(cryptographer.is_ready()); 740 DCHECK(cryptographer.is_ready());
713 741
742 // TODO(zea): trigger migration if necessary.
743
714 sync_pb::NigoriSpecifics specifics(nigori_node->GetNigoriSpecifics()); 744 sync_pb::NigoriSpecifics specifics(nigori_node->GetNigoriSpecifics());
715 // Does not modify specifics.encrypted() if the original decrypted data was 745 // Does not modify specifics.encrypted() if the original decrypted data was
716 // the same. 746 // the same.
717 if (!cryptographer.GetKeys(specifics.mutable_encrypted())) 747 if (!cryptographer.GetKeys(specifics.mutable_encrypted()))
718 NOTREACHED(); 748 NOTREACHED();
719 if (is_explicit && passphrase_state_ != CUSTOM_PASSPHRASE) { 749 if (is_explicit && passphrase_state_ != CUSTOM_PASSPHRASE) {
720 passphrase_state_ = CUSTOM_PASSPHRASE; 750 passphrase_state_ = CUSTOM_PASSPHRASE;
721 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, 751 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
722 OnPassphraseStateChanged(passphrase_state_)); 752 OnPassphraseStateChanged(passphrase_state_));
723 } 753 }
(...skipping 28 matching lines...) Expand all
752 return &vault_unsafe_; 782 return &vault_unsafe_;
753 } 783 }
754 784
755 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( 785 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault(
756 syncable::BaseTransaction* const trans) const { 786 syncable::BaseTransaction* const trans) const {
757 DCHECK_EQ(user_share_->directory.get(), trans->directory()); 787 DCHECK_EQ(user_share_->directory.get(), trans->directory());
758 return vault_unsafe_; 788 return vault_unsafe_;
759 } 789 }
760 790
761 } // namespace browser_sync 791 } // namespace browser_sync
OLDNEW
« no previous file with comments | « sync/internal_api/sync_encryption_handler_impl.h ('k') | sync/internal_api/sync_encryption_handler_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698