| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sync/internal_api/sync_encryption_handler_impl.h" | 5 #include "sync/internal_api/sync_encryption_handler_impl.h" |
| 6 | 6 |
| 7 #include <queue> | 7 #include <queue> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 42 ModelTypeSet encrypted_types) | 42 ModelTypeSet encrypted_types) |
| 43 : cryptographer(encryptor), | 43 : cryptographer(encryptor), |
| 44 encrypted_types(encrypted_types) { | 44 encrypted_types(encrypted_types) { |
| 45 } | 45 } |
| 46 | 46 |
| 47 SyncEncryptionHandlerImpl::Vault::~Vault() { | 47 SyncEncryptionHandlerImpl::Vault::~Vault() { |
| 48 } | 48 } |
| 49 | 49 |
| 50 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl( | 50 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl( |
| 51 UserShare* user_share, | 51 UserShare* user_share, |
| 52 Encryptor* encryptor) | 52 Encryptor* encryptor, |
| 53 const std::string& restored_key_for_bootstrapping, |
| 54 const std::string& restored_keystore_key_for_bootstrapping) |
| 53 : weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)), | 55 : weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)), |
| 54 user_share_(user_share), | 56 user_share_(user_share), |
| 55 vault_unsafe_(encryptor, SensitiveTypes()), | 57 vault_unsafe_(encryptor, SensitiveTypes()), |
| 56 encrypt_everything_(false), | 58 encrypt_everything_(false), |
| 57 passphrase_state_(IMPLICIT_PASSPHRASE), | 59 passphrase_state_(IMPLICIT_PASSPHRASE), |
| 60 keystore_key_(restored_keystore_key_for_bootstrapping), |
| 58 nigori_overwrite_count_(0) { | 61 nigori_overwrite_count_(0) { |
| 62 // We only bootstrap the user provided passphrase. The keystore key is handled |
| 63 // at Init time once we're sure the nigori is downloaded. |
| 64 vault_unsafe_.cryptographer.Bootstrap(restored_key_for_bootstrapping); |
| 59 } | 65 } |
| 60 | 66 |
| 61 SyncEncryptionHandlerImpl::~SyncEncryptionHandlerImpl() {} | 67 SyncEncryptionHandlerImpl::~SyncEncryptionHandlerImpl() {} |
| 62 | 68 |
| 63 void SyncEncryptionHandlerImpl::AddObserver(Observer* observer) { | 69 void SyncEncryptionHandlerImpl::AddObserver(Observer* observer) { |
| 64 DCHECK(thread_checker_.CalledOnValidThread()); | 70 DCHECK(thread_checker_.CalledOnValidThread()); |
| 65 DCHECK(!observers_.HasObserver(observer)); | 71 DCHECK(!observers_.HasObserver(observer)); |
| 66 observers_.AddObserver(observer); | 72 observers_.AddObserver(observer); |
| 67 } | 73 } |
| 68 | 74 |
| (...skipping 348 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 417 } | 423 } |
| 418 | 424 |
| 419 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes( | 425 void SyncEncryptionHandlerImpl::UpdateNigoriFromEncryptedTypes( |
| 420 sync_pb::NigoriSpecifics* nigori, | 426 sync_pb::NigoriSpecifics* nigori, |
| 421 syncable::BaseTransaction* const trans) const { | 427 syncable::BaseTransaction* const trans) const { |
| 422 syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types, | 428 syncable::UpdateNigoriFromEncryptedTypes(UnlockVault(trans).encrypted_types, |
| 423 encrypt_everything_, | 429 encrypt_everything_, |
| 424 nigori); | 430 nigori); |
| 425 } | 431 } |
| 426 | 432 |
| 433 bool SyncEncryptionHandlerImpl::NeedKeystoreKey( |
| 434 syncable::BaseTransaction* const trans) const { |
| 435 return keystore_key_.empty(); |
| 436 } |
| 437 |
| 438 bool SyncEncryptionHandlerImpl::SetKeystoreKey( |
| 439 const std::string& key, |
| 440 syncable::BaseTransaction* const trans) { |
| 441 if (!keystore_key_.empty() || key.empty()) |
| 442 return false; |
| 443 keystore_key_ = key; |
| 444 |
| 445 // TODO(zea): trigger migration if necessary. |
| 446 |
| 447 DVLOG(1) << "Keystore bootstrap token updated."; |
| 448 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
| 449 OnBootstrapTokenUpdated(key, |
| 450 KEYSTORE_BOOTSTRAP_TOKEN)); |
| 451 return true; |
| 452 } |
| 453 |
| 427 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypes( | 454 ModelTypeSet SyncEncryptionHandlerImpl::GetEncryptedTypes( |
| 428 syncable::BaseTransaction* const trans) const { | 455 syncable::BaseTransaction* const trans) const { |
| 429 return UnlockVault(trans).encrypted_types; | 456 return UnlockVault(trans).encrypted_types; |
| 430 } | 457 } |
| 431 | 458 |
| 432 Cryptographer* SyncEncryptionHandlerImpl::GetCryptographerUnsafe() { | 459 Cryptographer* SyncEncryptionHandlerImpl::GetCryptographerUnsafe() { |
| 433 DCHECK(thread_checker_.CalledOnValidThread()); | 460 DCHECK(thread_checker_.CalledOnValidThread()); |
| 434 return &vault_unsafe_.cryptographer; | 461 return &vault_unsafe_.cryptographer; |
| 435 } | 462 } |
| 436 | 463 |
| (...skipping 244 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 681 observers_, | 708 observers_, |
| 682 OnCryptographerStateChanged( | 709 OnCryptographerStateChanged( |
| 683 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer)); | 710 &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer)); |
| 684 | 711 |
| 685 // It's possible we need to change the bootstrap token even if we failed to | 712 // It's possible we need to change the bootstrap token even if we failed to |
| 686 // set the passphrase (for example if we need to preserve the new GAIA | 713 // set the passphrase (for example if we need to preserve the new GAIA |
| 687 // passphrase). | 714 // passphrase). |
| 688 if (!bootstrap_token.empty()) { | 715 if (!bootstrap_token.empty()) { |
| 689 DVLOG(1) << "Passphrase bootstrap token updated."; | 716 DVLOG(1) << "Passphrase bootstrap token updated."; |
| 690 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 717 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
| 691 OnBootstrapTokenUpdated(bootstrap_token)); | 718 OnBootstrapTokenUpdated(bootstrap_token, |
| 719 PASSPHRASE_BOOTSTRAP_TOKEN)); |
| 692 } | 720 } |
| 693 | 721 |
| 694 const Cryptographer& cryptographer = | 722 const Cryptographer& cryptographer = |
| 695 UnlockVault(trans->GetWrappedTrans()).cryptographer; | 723 UnlockVault(trans->GetWrappedTrans()).cryptographer; |
| 696 if (!success) { | 724 if (!success) { |
| 697 if (cryptographer.is_ready()) { | 725 if (cryptographer.is_ready()) { |
| 698 LOG(ERROR) << "Attempt to change passphrase failed while cryptographer " | 726 LOG(ERROR) << "Attempt to change passphrase failed while cryptographer " |
| 699 << "was ready."; | 727 << "was ready."; |
| 700 } else if (cryptographer.has_pending_keys()) { | 728 } else if (cryptographer.has_pending_keys()) { |
| 701 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 729 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
| 702 OnPassphraseRequired(REASON_DECRYPTION, | 730 OnPassphraseRequired(REASON_DECRYPTION, |
| 703 cryptographer.GetPendingKeys())); | 731 cryptographer.GetPendingKeys())); |
| 704 } else { | 732 } else { |
| 705 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 733 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
| 706 OnPassphraseRequired(REASON_ENCRYPTION, | 734 OnPassphraseRequired(REASON_ENCRYPTION, |
| 707 sync_pb::EncryptedData())); | 735 sync_pb::EncryptedData())); |
| 708 } | 736 } |
| 709 return; | 737 return; |
| 710 } | 738 } |
| 711 | 739 |
| 712 DCHECK(cryptographer.is_ready()); | 740 DCHECK(cryptographer.is_ready()); |
| 713 | 741 |
| 742 // TODO(zea): trigger migration if necessary. |
| 743 |
| 714 sync_pb::NigoriSpecifics specifics(nigori_node->GetNigoriSpecifics()); | 744 sync_pb::NigoriSpecifics specifics(nigori_node->GetNigoriSpecifics()); |
| 715 // Does not modify specifics.encrypted() if the original decrypted data was | 745 // Does not modify specifics.encrypted() if the original decrypted data was |
| 716 // the same. | 746 // the same. |
| 717 if (!cryptographer.GetKeys(specifics.mutable_encrypted())) | 747 if (!cryptographer.GetKeys(specifics.mutable_encrypted())) |
| 718 NOTREACHED(); | 748 NOTREACHED(); |
| 719 if (is_explicit && passphrase_state_ != CUSTOM_PASSPHRASE) { | 749 if (is_explicit && passphrase_state_ != CUSTOM_PASSPHRASE) { |
| 720 passphrase_state_ = CUSTOM_PASSPHRASE; | 750 passphrase_state_ = CUSTOM_PASSPHRASE; |
| 721 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, | 751 FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_, |
| 722 OnPassphraseStateChanged(passphrase_state_)); | 752 OnPassphraseStateChanged(passphrase_state_)); |
| 723 } | 753 } |
| (...skipping 28 matching lines...) Expand all Loading... |
| 752 return &vault_unsafe_; | 782 return &vault_unsafe_; |
| 753 } | 783 } |
| 754 | 784 |
| 755 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( | 785 const SyncEncryptionHandlerImpl::Vault& SyncEncryptionHandlerImpl::UnlockVault( |
| 756 syncable::BaseTransaction* const trans) const { | 786 syncable::BaseTransaction* const trans) const { |
| 757 DCHECK_EQ(user_share_->directory.get(), trans->directory()); | 787 DCHECK_EQ(user_share_->directory.get(), trans->directory()); |
| 758 return vault_unsafe_; | 788 return vault_unsafe_; |
| 759 } | 789 } |
| 760 | 790 |
| 761 } // namespace browser_sync | 791 } // namespace browser_sync |
| OLD | NEW |