| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_ | 5 #ifndef SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_ |
| 6 #define SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_ | 6 #define SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 53 | 53 |
| 54 // SyncEncryptionHandler implementation. | 54 // SyncEncryptionHandler implementation. |
| 55 virtual void AddObserver(Observer* observer) OVERRIDE; | 55 virtual void AddObserver(Observer* observer) OVERRIDE; |
| 56 virtual void RemoveObserver(Observer* observer) OVERRIDE; | 56 virtual void RemoveObserver(Observer* observer) OVERRIDE; |
| 57 virtual void Init() OVERRIDE; | 57 virtual void Init() OVERRIDE; |
| 58 virtual void SetEncryptionPassphrase(const std::string& passphrase, | 58 virtual void SetEncryptionPassphrase(const std::string& passphrase, |
| 59 bool is_explicit) OVERRIDE; | 59 bool is_explicit) OVERRIDE; |
| 60 virtual void SetDecryptionPassphrase(const std::string& passphrase) OVERRIDE; | 60 virtual void SetDecryptionPassphrase(const std::string& passphrase) OVERRIDE; |
| 61 virtual void EnableEncryptEverything() OVERRIDE; | 61 virtual void EnableEncryptEverything() OVERRIDE; |
| 62 virtual bool EncryptEverythingEnabled() const OVERRIDE; | 62 virtual bool EncryptEverythingEnabled() const OVERRIDE; |
| 63 virtual PassphraseState GetPassphraseState() const OVERRIDE; | 63 virtual PassphraseType GetPassphraseType() const OVERRIDE; |
| 64 |
| 65 // TODO(zea): provide a method for getting the time at which the nigori |
| 66 // node was migrated. |
| 64 | 67 |
| 65 // NigoriHandler implementation. | 68 // NigoriHandler implementation. |
| 66 // Note: all methods are invoked while the caller holds a transaction. | 69 // Note: all methods are invoked while the caller holds a transaction. |
| 67 virtual void ApplyNigoriUpdate( | 70 virtual void ApplyNigoriUpdate( |
| 68 const sync_pb::NigoriSpecifics& nigori, | 71 const sync_pb::NigoriSpecifics& nigori, |
| 69 syncable::BaseTransaction* const trans) OVERRIDE; | 72 syncable::BaseTransaction* const trans) OVERRIDE; |
| 70 virtual void UpdateNigoriFromEncryptedTypes( | 73 virtual void UpdateNigoriFromEncryptedTypes( |
| 71 sync_pb::NigoriSpecifics* nigori, | 74 sync_pb::NigoriSpecifics* nigori, |
| 72 syncable::BaseTransaction* const trans) const OVERRIDE; | 75 syncable::BaseTransaction* const trans) const OVERRIDE; |
| 73 virtual bool NeedKeystoreKey( | 76 virtual bool NeedKeystoreKey( |
| 74 syncable::BaseTransaction* const trans) const OVERRIDE; | 77 syncable::BaseTransaction* const trans) const OVERRIDE; |
| 75 virtual bool SetKeystoreKey( | 78 virtual bool SetKeystoreKey( |
| 76 const std::string& key, | 79 const std::string& key, |
| 77 syncable::BaseTransaction* const trans) OVERRIDE; | 80 syncable::BaseTransaction* const trans) OVERRIDE; |
| 78 // Can be called from any thread. | 81 // Can be called from any thread. |
| 79 virtual ModelTypeSet GetEncryptedTypes( | 82 virtual ModelTypeSet GetEncryptedTypes( |
| 80 syncable::BaseTransaction* const trans) const OVERRIDE; | 83 syncable::BaseTransaction* const trans) const OVERRIDE; |
| 81 | 84 |
| 82 // Unsafe getters. Use only if sync is not up and running and there is no risk | 85 // Unsafe getters. Use only if sync is not up and running and there is no risk |
| 83 // of other threads calling this. | 86 // of other threads calling this. |
| 84 Cryptographer* GetCryptographerUnsafe(); | 87 Cryptographer* GetCryptographerUnsafe(); |
| 85 ModelTypeSet GetEncryptedTypesUnsafe(); | 88 ModelTypeSet GetEncryptedTypesUnsafe(); |
| 86 | 89 |
| 90 bool MigratedToKeystore(); |
| 91 |
| 87 private: | 92 private: |
| 88 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, | 93 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 89 NigoriEncryptionTypes); | 94 NigoriEncryptionTypes); |
| 90 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, | 95 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 91 EncryptEverythingExplicit); | 96 EncryptEverythingExplicit); |
| 92 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, | 97 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 93 EncryptEverythingImplicit); | 98 EncryptEverythingImplicit); |
| 94 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, | 99 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 95 UnknownSensitiveTypes); | 100 UnknownSensitiveTypes); |
| 101 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 102 GetKeystoreDecryptor); |
| 103 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 104 ReceiveMigratedNigoriKeystorePass); |
| 105 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 106 ReceiveUmigratedNigoriAfterMigration); |
| 107 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 108 ReceiveOldMigratedNigori); |
| 109 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 110 SetKeystoreAfterReceivingMigratedNigori); |
| 111 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 112 SetCustomPassAfterMigration); |
| 113 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 114 SetCustomPassAfterMigrationNoKeystoreKey); |
| 115 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 116 SetImplicitPassAfterMigrationNoKeystoreKey); |
| 117 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest, |
| 118 MigrateOnEncryptEverythingKeystorePassphrase); |
| 96 | 119 |
| 97 // Container for members that require thread safety protection. All members | 120 // Container for members that require thread safety protection. All members |
| 98 // that can be accessed from more than one thread should be held here and | 121 // that can be accessed from more than one thread should be held here and |
| 99 // accessed via UnlockVault(..) and UnlockVaultMutable(..), which enforce | 122 // accessed via UnlockVault(..) and UnlockVaultMutable(..), which enforce |
| 100 // that a transaction is held. | 123 // that a transaction is held. |
| 101 struct Vault { | 124 struct Vault { |
| 102 Vault(Encryptor* encryptor, ModelTypeSet encrypted_types); | 125 Vault(Encryptor* encryptor, ModelTypeSet encrypted_types); |
| 103 ~Vault(); | 126 ~Vault(); |
| 104 | 127 |
| 105 // Sync's cryptographer. Used for encrypting and decrypting sync data. | 128 // Sync's cryptographer. Used for encrypting and decrypting sync data. |
| (...skipping 27 matching lines...) Expand all Loading... |
| 133 // Updates local encrypted types from |nigori|. | 156 // Updates local encrypted types from |nigori|. |
| 134 // Returns true if the local set of encrypted types either matched or was | 157 // Returns true if the local set of encrypted types either matched or was |
| 135 // a subset of that in |nigori|. Returns false if the local state already | 158 // a subset of that in |nigori|. Returns false if the local state already |
| 136 // had stricter encryption than |nigori|, and the nigori node needs to be | 159 // had stricter encryption than |nigori|, and the nigori node needs to be |
| 137 // updated with the newer encryption state. | 160 // updated with the newer encryption state. |
| 138 // Note: must be called from within a transaction. | 161 // Note: must be called from within a transaction. |
| 139 bool UpdateEncryptedTypesFromNigori( | 162 bool UpdateEncryptedTypesFromNigori( |
| 140 const sync_pb::NigoriSpecifics& nigori, | 163 const sync_pb::NigoriSpecifics& nigori, |
| 141 syncable::BaseTransaction* const trans); | 164 syncable::BaseTransaction* const trans); |
| 142 | 165 |
| 166 // TODO(zea): make these public and have them replace SetEncryptionPassphrase |
| 167 // and SetDecryptionPassphrase. |
| 168 // Helper methods for handling passphrases once keystore migration has taken |
| 169 // place. |
| 170 // |
| 171 // Sets a new custom passphrase. Should only be called if a custom passphrase |
| 172 // is not already set. |
| 173 // Triggers OnPassphraseAccepted on success, OnPassphraseRequired if a custom |
| 174 // passphrase already existed. |
| 175 void SetCustomPassphrase(const std::string& passphrase, |
| 176 WriteTransaction* trans, |
| 177 WriteNode* nigori_node); |
| 178 // Decrypt the encryption keybag using a user provided passphrase. |
| 179 // Should only be called if the current passphrase is a frozen implicit |
| 180 // passphrase or a custom passphrase. |
| 181 // Triggers OnPassphraseAccepted on success, OnPassphraseRequired on failure. |
| 182 void DecryptPendingKeysWithExplicitPassphrase(const std::string& passphrase, |
| 183 WriteTransaction* trans, |
| 184 WriteNode* nigori_node); |
| 185 |
| 143 // The final step of SetEncryptionPassphrase and SetDecryptionPassphrase that | 186 // The final step of SetEncryptionPassphrase and SetDecryptionPassphrase that |
| 144 // notifies observers of the result of the set passphrase operation, updates | 187 // notifies observers of the result of the set passphrase operation, updates |
| 145 // the nigori node, and does re-encryption. | 188 // the nigori node, and does re-encryption. |
| 146 // |success|: true if the operation was successful and false otherwise. If | 189 // |success|: true if the operation was successful and false otherwise. If |
| 147 // success == false, we send an OnPassphraseRequired notification. | 190 // success == false, we send an OnPassphraseRequired notification. |
| 148 // |bootstrap_token|: used to inform observers if the cryptographer's | 191 // |bootstrap_token|: used to inform observers if the cryptographer's |
| 149 // bootstrap token was updated. | 192 // bootstrap token was updated. |
| 150 // |is_explicit|: used to differentiate between a custom passphrase (true) and | 193 // |is_explicit|: used to differentiate between a custom passphrase (true) and |
| 151 // a GAIA passphrase that is implicitly used for encryption | 194 // a GAIA passphrase that is implicitly used for encryption |
| 152 // (false). | 195 // (false). |
| 153 // |trans| and |nigori_node|: used to access data in the cryptographer. | 196 // |trans| and |nigori_node|: used to access data in the cryptographer. |
| 154 void FinishSetPassphrase(bool success, | 197 void FinishSetPassphrase(bool success, |
| 155 const std::string& bootstrap_token, | 198 const std::string& bootstrap_token, |
| 156 bool is_explicit, | |
| 157 WriteTransaction* trans, | 199 WriteTransaction* trans, |
| 158 WriteNode* nigori_node); | 200 WriteNode* nigori_node); |
| 159 | 201 |
| 160 // Merges the given set of encrypted types with the existing set and emits a | 202 // Merges the given set of encrypted types with the existing set and emits a |
| 161 // notification if necessary. | 203 // notification if necessary. |
| 162 // Note: must be called from within a transaction. | 204 // Note: must be called from within a transaction. |
| 163 void MergeEncryptedTypes(ModelTypeSet new_encrypted_types, | 205 void MergeEncryptedTypes(ModelTypeSet new_encrypted_types, |
| 164 syncable::BaseTransaction* const trans); | 206 syncable::BaseTransaction* const trans); |
| 165 | 207 |
| 166 // Helper methods for ensuring transactions are held when accessing | 208 // Helper methods for ensuring transactions are held when accessing |
| 167 // |vault_unsafe_|. | 209 // |vault_unsafe_|. |
| 168 Vault* UnlockVaultMutable(syncable::BaseTransaction* const trans); | 210 Vault* UnlockVaultMutable(syncable::BaseTransaction* const trans); |
| 169 const Vault& UnlockVault(syncable::BaseTransaction* const trans) const; | 211 const Vault& UnlockVault(syncable::BaseTransaction* const trans) const; |
| 170 | 212 |
| 213 // Helper method for determining if migration of a nigori node should be |
| 214 // triggered or not. |
| 215 // Conditions for triggering migration: |
| 216 // 1. Cryptographer has no pending keys |
| 217 // 2. Nigori node isn't already properly migrated. |
| 218 // 3. Keystore key is available (if we are not migrated yet). |
| 219 // Note: if the nigori node is migrated but has an invalid state, will return |
| 220 // true (e.g. node has KEYSTORE_PASSPHRASE, local is CUSTOM_PASSPHRASE). |
| 221 bool ShouldTriggerMigration(const sync_pb::NigoriSpecifics& nigori, |
| 222 const Cryptographer& cryptographer) const; |
| 223 |
| 224 // Performs the actual migration of the |nigori_node| to support keystore |
| 225 // encryption iff ShouldTriggerMigration(..) returns true. |
| 226 bool AttemptToMigrateNigoriToKeystore(WriteTransaction* trans, |
| 227 WriteNode* nigori_node); |
| 228 |
| 229 // Fill |encrypted_blob| with the keystore decryptor token if |
| 230 // |encrypted_blob|'s contents didn't already contain the key. |
| 231 // The keystore decryptor token is the serialized current default encryption |
| 232 // key, encrypted with the keystore key. |
| 233 bool GetKeystoreDecryptor( |
| 234 const Cryptographer& cryptographer, |
| 235 const std::string& keystore_key, |
| 236 sync_pb::EncryptedData* encrypted_blob); |
| 237 |
| 238 // Helper method for installing the keys encrypted in |encryption_keybag| |
| 239 // into |cryptographer|. |
| 240 // Returns true on success, false if we were unable to install the keybag. |
| 241 // Will not update the default key. |
| 242 bool AttemptToInstallKeybag(const sync_pb::EncryptedData& keybag, |
| 243 bool update_default, |
| 244 Cryptographer* cryptographer); |
| 245 |
| 246 // Helper method for decrypting pending keys with the keystore bootstrap. |
| 247 // If successful, the default will become the key encrypted in the keystore |
| 248 // bootstrap, and will return true. Else will return false. |
| 249 bool DecryptPendingKeysWithKeystoreKey( |
| 250 const std::string& keystore_key, |
| 251 const sync_pb::EncryptedData& keystore_bootstrap, |
| 252 Cryptographer* cryptographer); |
| 253 |
| 254 // Helper to enable encrypt everything, notifying observers if necessary. |
| 255 // Will not perform re-encryption. |
| 256 void EnableEncryptEverythingImpl(syncable::BaseTransaction* const trans); |
| 257 |
| 171 base::ThreadChecker thread_checker_; | 258 base::ThreadChecker thread_checker_; |
| 172 | 259 |
| 173 base::WeakPtrFactory<SyncEncryptionHandlerImpl> weak_ptr_factory_; | 260 base::WeakPtrFactory<SyncEncryptionHandlerImpl> weak_ptr_factory_; |
| 174 | 261 |
| 175 ObserverList<SyncEncryptionHandler::Observer> observers_; | 262 ObserverList<SyncEncryptionHandler::Observer> observers_; |
| 176 | 263 |
| 177 // The current user share (for creating transactions). | 264 // The current user share (for creating transactions). |
| 178 UserShare* user_share_; | 265 UserShare* user_share_; |
| 179 | 266 |
| 180 // Container for all data that can be accessed from multiple threads. Do not | 267 // Container for all data that can be accessed from multiple threads. Do not |
| 181 // access this object directly. Instead access it via UnlockVault(..) and | 268 // access this object directly. Instead access it via UnlockVault(..) and |
| 182 // UnlockVaultMutable(..). | 269 // UnlockVaultMutable(..). |
| 183 Vault vault_unsafe_; | 270 Vault vault_unsafe_; |
| 184 | 271 |
| 185 // Sync encryption state that is only modified and accessed from the sync | 272 // Sync encryption state that is only modified and accessed from the sync |
| 186 // thread. | 273 // thread. |
| 187 // Whether all current and future types should be encrypted. | 274 // Whether all current and future types should be encrypted. |
| 188 bool encrypt_everything_; | 275 bool encrypt_everything_; |
| 189 // The current state of the passphrase required to decrypt the encryption | 276 // The current state of the passphrase required to decrypt the encryption |
| 190 // keys stored in the nigori node. | 277 // keys stored in the nigori node. |
| 191 PassphraseState passphrase_state_; | 278 PassphraseType passphrase_type_; |
| 192 | 279 |
| 193 // The keystore key provided by the server. | 280 // The keystore key provided by the server. |
| 194 std::string keystore_key_; | 281 std::string keystore_key_; |
| 195 | 282 |
| 196 // The number of times we've automatically (i.e. not via SetPassphrase or | 283 // The number of times we've automatically (i.e. not via SetPassphrase or |
| 197 // conflict resolver) updated the nigori's encryption keys in this chrome | 284 // conflict resolver) updated the nigori's encryption keys in this chrome |
| 198 // instantiation. | 285 // instantiation. |
| 199 int nigori_overwrite_count_; | 286 int nigori_overwrite_count_; |
| 200 | 287 |
| 288 // The time (in ms) the nigori was migrated to support keystore encryption. |
| 289 int64 migration_time_ms_; |
| 290 |
| 201 DISALLOW_COPY_AND_ASSIGN(SyncEncryptionHandlerImpl); | 291 DISALLOW_COPY_AND_ASSIGN(SyncEncryptionHandlerImpl); |
| 202 }; | 292 }; |
| 203 | 293 |
| 204 } // namespace syncer | 294 } // namespace syncer |
| 205 | 295 |
| 206 #endif // SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_IMPL_H_ | 296 #endif // SYNC_INTERNAL_API_PUBLIC_SYNC_ENCRYPTION_HANDLER_IMPL_H_ |
| OLD | NEW |