| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sync/internal_api/sync_encryption_handler_impl.h" | 5 #include "sync/internal_api/sync_encryption_handler_impl.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/message_loop.h" | 10 #include "base/message_loop.h" |
| (...skipping 1585 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1596 | 1596 |
| 1597 // Check that the cryptographer can still decrypt keystore key based | 1597 // Check that the cryptographer can still decrypt keystore key based |
| 1598 // encryption (due to extracting the keystore key from the encryption keybag). | 1598 // encryption (due to extracting the keystore key from the encryption keybag). |
| 1599 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); | 1599 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); |
| 1600 keystore_cryptographer.AddKey(keystore_key); | 1600 keystore_cryptographer.AddKey(keystore_key); |
| 1601 sync_pb::EncryptedData keystore_encrypted; | 1601 sync_pb::EncryptedData keystore_encrypted; |
| 1602 keystore_cryptographer.EncryptString("string", &keystore_encrypted); | 1602 keystore_cryptographer.EncryptString("string", &keystore_encrypted); |
| 1603 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); | 1603 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); |
| 1604 } | 1604 } |
| 1605 | 1605 |
| 1606 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but |
| 1607 // using an old default key (i.e. old GAIA password), we should overwrite the |
| 1608 // nigori, updating the keybag and keystore decryptor. |
| 1609 TEST_F(SyncEncryptionHandlerImplTest, |
| 1610 ReceiveMigratedNigoriWithOldPassphrase) { |
| 1611 const char kOldKey[] = "old"; |
| 1612 const char kCurKey[] = "cur"; |
| 1613 sync_pb::EncryptedData encrypted; |
| 1614 KeyParams old_key = {"localhost", "dummy", kOldKey}; |
| 1615 KeyParams cur_key = {"localhost", "dummy", kCurKey}; |
| 1616 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; |
| 1617 GetCryptographer()->AddKey(old_key); |
| 1618 GetCryptographer()->AddKey(cur_key); |
| 1619 |
| 1620 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
| 1621 other_cryptographer.AddKey(old_key); |
| 1622 EXPECT_TRUE(other_cryptographer.is_ready()); |
| 1623 |
| 1624 EXPECT_CALL(*observer(), |
| 1625 OnCryptographerStateChanged(_)); |
| 1626 EXPECT_CALL(*observer(), |
| 1627 OnEncryptedTypesChanged(_, false)); |
| 1628 EXPECT_CALL(*observer(), |
| 1629 OnEncryptionComplete()); |
| 1630 encryption_handler()->Init(); |
| 1631 EXPECT_TRUE(GetCryptographer()->is_ready()); |
| 1632 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled()); |
| 1633 |
| 1634 { |
| 1635 EXPECT_CALL(*observer(), |
| 1636 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); |
| 1637 ReadTransaction trans(FROM_HERE, user_share()); |
| 1638 encryption_handler()->SetKeystoreKey(kKeystoreKey, trans.GetWrappedTrans()); |
| 1639 } |
| 1640 EXPECT_CALL(*observer(), |
| 1641 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE)); |
| 1642 PumpLoop(); |
| 1643 Mock::VerifyAndClearExpectations(observer()); |
| 1644 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
| 1645 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
| 1646 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); |
| 1647 |
| 1648 // Now build an old keystore passphrase nigori node. |
| 1649 EXPECT_CALL(*observer(), |
| 1650 OnCryptographerStateChanged(_)); |
| 1651 { |
| 1652 WriteTransaction trans(FROM_HERE, user_share()); |
| 1653 WriteNode nigori_node(&trans); |
| 1654 ASSERT_EQ(nigori_node.InitByTagLookup(kNigoriTag), BaseNode::INIT_OK); |
| 1655 sync_pb::NigoriSpecifics nigori; |
| 1656 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); |
| 1657 other_cryptographer.AddKey(old_key); |
| 1658 encryption_handler()->GetKeystoreDecryptor( |
| 1659 other_cryptographer, |
| 1660 kKeystoreKey, |
| 1661 nigori.mutable_keystore_decryptor_token()); |
| 1662 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); |
| 1663 nigori.set_keybag_is_frozen(true); |
| 1664 nigori.set_encrypt_everything(false); |
| 1665 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); |
| 1666 nigori.set_keystore_migration_time(1); |
| 1667 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); |
| 1668 nigori_node.SetNigoriSpecifics(nigori); |
| 1669 } |
| 1670 PumpLoop(); |
| 1671 |
| 1672 // Verify we're still migrated and have proper encryption state. |
| 1673 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); |
| 1674 EXPECT_TRUE(GetCryptographer()->is_ready()); |
| 1675 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); |
| 1676 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled()); |
| 1677 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); |
| 1678 } |
| 1679 |
| 1606 } // namespace syncer | 1680 } // namespace syncer |
| OLD | NEW |